{ "CVE_data_type" : "CVE", "CVE_data_format" : "MITRE", "CVE_data_version" : "4.0", "CVE_data_numberOfCVEs" : "6201", "CVE_data_timestamp" : "2025-05-15T07:01Z", "CVE_Items" : [ { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0356", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/95420", "name" : "95420", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/95420", "name" : "95420", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://ikiwiki.info/security/#cve-2017-0356", "name" : "https://ikiwiki.info/security/#cve-2017-0356", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://ikiwiki.info/security/#cve-2017-0356", "name" : "https://ikiwiki.info/security/#cve-2017-0356", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://marc.info/?l=oss-security&m=148418234314276&w=2", "name" : "[oss-security] 20170112 ikiwiki: CVE-2017-0356: Authentication bypass via repeated parameters", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://marc.info/?l=oss-security&m=148418234314276&w=2", "name" : "[oss-security] 20170112 ikiwiki: CVE-2017-0356: Authentication bypass via repeated parameters", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2017/dsa-3760", "name" : "DSA-3760", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2017/dsa-3760", "name" : "DSA-3760", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.20170111", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-13T15:29Z", "lastModifiedDate" : "2024-11-21T03:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0357", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/95432", "name" : "95432", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/95432", "name" : "95432", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://gitlab.com/iucode-tool/iucode-tool/issues/3", "name" : "https://gitlab.com/iucode-tool/iucode-tool/issues/3", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://gitlab.com/iucode-tool/iucode-tool/issues/3", "name" : "https://gitlab.com/iucode-tool/iucode-tool/issues/3", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0357", "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0357", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0357", "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0357", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A heap-overflow flaw exists in the -tr loader of iucode-tool starting with v1.4 and before v2.1.1, potentially leading to SIGSEGV, or heap corruption." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:iucode-tool_project:iucode-tool:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4", "versionEndExcluding" : "2.1.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-13T15:29Z", "lastModifiedDate" : "2024-11-21T03:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0358", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-269" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2017/02/04/1", "name" : "[oss-security] 20170203 Re: CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2017/02/04/1", "name" : "[oss-security] 20170203 Re: CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/95987", "name" : "95987", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/95987", "name" : "95987", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://marc.info/?l=oss-security&m=148594671929354&w=2", "name" : "[oss-security] 20170201 CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://marc.info/?l=oss-security&m=148594671929354&w=2", "name" : "[oss-security] 20170201 CVE-2017-0358 ntfs-3g: modprobe influence vulnerability via environment variables", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201702-10", "name" : "GLSA-201702-10", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201702-10", "name" : "GLSA-201702-10", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2017/dsa-3780", "name" : "DSA-3780", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.debian.org/security/2017/dsa-3780", "name" : "DSA-3780", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.exploit-db.com/exploits/41240/", "name" : "41240", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/41240/", "name" : "41240", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/41356/", "name" : "41356", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/41356/", "name" : "41356", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tuxera:ntfs-3g:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2016.2.22", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-13T15:29Z", "lastModifiedDate" : "2024-11-21T03:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0359", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugs.debian.org/854723", "name" : "https://bugs.debian.org/854723", "refsource" : "", "tags" : [ "Exploit", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/854723", "name" : "https://bugs.debian.org/854723", "refsource" : "", "tags" : [ "Exploit", "Patch", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0359", "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0359", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0359", "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0359", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:reproducible_builds:diffoscope:*:*:*:*:*:*:*:*", "versionEndExcluding" : "77", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-13T16:29Z", "lastModifiedDate" : "2024-11-21T03:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0361", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securitytracker.com/id/1039812", "name" : "1039812", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039812", "name" : "1039812", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", "name" : "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", "name" : "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://phabricator.wikimedia.org/T125177", "name" : "https://phabricator.wikimedia.org/T125177", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://phabricator.wikimedia.org/T125177", "name" : "https://phabricator.wikimedia.org/T125177", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0361", "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0361", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0361", "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0361", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.23.0", "versionEndIncluding" : "1.23.16", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.27.0", "versionEndExcluding" : "1.27.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.28.0", "versionEndExcluding" : "1.28.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-13T16:29Z", "lastModifiedDate" : "2024-11-21T03:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0362", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", "name" : "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", "name" : "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://phabricator.wikimedia.org/T150044", "name" : "https://phabricator.wikimedia.org/T150044", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://phabricator.wikimedia.org/T150044", "name" : "https://phabricator.wikimedia.org/T150044", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0362", "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0362", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0362", "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0362", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the \"Mark all pages visited\" on the watchlist does not require a CSRF token." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.23.0", "versionEndIncluding" : "1.23.16", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.27.0", "versionEndExcluding" : "1.27.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.28.0", "versionEndExcluding" : "1.28.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-13T16:29Z", "lastModifiedDate" : "2024-11-21T03:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0363", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-601" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", "name" : "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", "name" : "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://phabricator.wikimedia.org/T109140", "name" : "https://phabricator.wikimedia.org/T109140", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://phabricator.wikimedia.org/T109140", "name" : "https://phabricator.wikimedia.org/T109140", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0363", "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0363", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0363", "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0363", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.23.0", "versionEndIncluding" : "1.23.16", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.27.0", "versionEndExcluding" : "1.27.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.28.0", "versionEndExcluding" : "1.28.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-13T16:29Z", "lastModifiedDate" : "2024-11-21T03:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0364", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-601" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", "name" : "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", "name" : "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://phabricator.wikimedia.org/T122209", "name" : "https://phabricator.wikimedia.org/T122209", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://phabricator.wikimedia.org/T122209", "name" : "https://phabricator.wikimedia.org/T122209", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0364", "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0364", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0364", "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0364", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.23.0", "versionEndIncluding" : "1.23.16", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.27.0", "versionEndExcluding" : "1.27.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.28.0", "versionEndExcluding" : "1.28.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-13T16:29Z", "lastModifiedDate" : "2024-11-21T03:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0365", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", "name" : "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", "name" : "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://phabricator.wikimedia.org/T144845", "name" : "https://phabricator.wikimedia.org/T144845", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://phabricator.wikimedia.org/T144845", "name" : "https://phabricator.wikimedia.org/T144845", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0365", "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0365", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0365", "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0365", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.23.0", "versionEndIncluding" : "1.23.16", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.27.0", "versionEndExcluding" : "1.27.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.28.0", "versionEndExcluding" : "1.28.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.7, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.6, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:H/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.6 }, "severity" : "LOW", "exploitabilityScore" : 4.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-13T16:29Z", "lastModifiedDate" : "2024-11-21T03:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0366", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", "name" : "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", "name" : "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://phabricator.wikimedia.org/T151735", "name" : "https://phabricator.wikimedia.org/T151735", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://phabricator.wikimedia.org/T151735", "name" : "https://phabricator.wikimedia.org/T151735", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0366", "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0366", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0366", "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0366", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.23.0", "versionEndIncluding" : "1.23.16", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.27.0", "versionEndExcluding" : "1.27.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.28.0", "versionEndExcluding" : "1.28.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.5 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-13T16:29Z", "lastModifiedDate" : "2024-11-21T03:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0367", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-668" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", "name" : "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", "name" : "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://phabricator.wikimedia.org/T161453", "name" : "https://phabricator.wikimedia.org/T161453", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://phabricator.wikimedia.org/T161453", "name" : "https://phabricator.wikimedia.org/T161453", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0367", "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0367", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0367", "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0367", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.27.0", "versionEndExcluding" : "1.27.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.28.0", "versionEndExcluding" : "1.28.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-13T16:29Z", "lastModifiedDate" : "2024-11-21T03:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0368", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", "name" : "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", "name" : "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://phabricator.wikimedia.org/T156184", "name" : "https://phabricator.wikimedia.org/T156184", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://phabricator.wikimedia.org/T156184", "name" : "https://phabricator.wikimedia.org/T156184", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0368", "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0368", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0368", "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0368", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.23.0", "versionEndIncluding" : "1.23.16", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.27.0", "versionEndExcluding" : "1.27.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.28.0", "versionEndExcluding" : "1.28.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-13T16:29Z", "lastModifiedDate" : "2024-11-21T03:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0369", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-276" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", "name" : "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", "name" : "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://phabricator.wikimedia.org/T108138", "name" : "https://phabricator.wikimedia.org/T108138", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://phabricator.wikimedia.org/T108138", "name" : "https://phabricator.wikimedia.org/T108138", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0369", "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0369", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0369", "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0369", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.23.0", "versionEndIncluding" : "1.23.16", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.27.0", "versionEndExcluding" : "1.27.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.28.0", "versionEndExcluding" : "1.28.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-13T16:29Z", "lastModifiedDate" : "2024-11-21T03:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0370", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", "name" : "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", "name" : "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://phabricator.wikimedia.org/T48143", "name" : "https://phabricator.wikimedia.org/T48143", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://phabricator.wikimedia.org/T48143", "name" : "https://phabricator.wikimedia.org/T48143", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0370", "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0370", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0370", "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0370", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.23.0", "versionEndIncluding" : "1.23.16", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.27.0", "versionEndExcluding" : "1.27.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.28.0", "versionEndExcluding" : "1.28.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-13T16:29Z", "lastModifiedDate" : "2024-11-21T03:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0371", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://phabricator.wikimedia.org/T140591", "name" : "https://phabricator.wikimedia.org/T140591", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Vendor Advisory" ] }, { "url" : "https://phabricator.wikimedia.org/T140591", "name" : "https://phabricator.wikimedia.org/T140591", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Vendor Advisory" ] }, { "url" : "https://phabricator.wikimedia.org/T68404", "name" : "https://phabricator.wikimedia.org/T68404", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ] }, { "url" : "https://phabricator.wikimedia.org/T68404", "name" : "https://phabricator.wikimedia.org/T68404", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresses of Wiki visitors via a style=\"background-image: attr(title url);\" attack within a DIV element that has an attacker-controlled URL in the title attribute." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.28.0", "versionEndExcluding" : "1.28.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.24.0", "versionEndExcluding" : "1.27.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.23.16", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2022-02-18T23:15Z", "lastModifiedDate" : "2024-11-21T03:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0372", "ASSIGNER" : "security@debian.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugs.debian.org/861585", "name" : "https://bugs.debian.org/861585", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugs.debian.org/861585", "name" : "https://bugs.debian.org/861585", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", "name" : "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", "refsource" : "", "tags" : [ "Patch", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html", "name" : "[mediawiki-announce] 20170406 Security Release: 1.28.1 / 1.27.2 / 1.23.16", "refsource" : "", "tags" : [ "Patch", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html", "name" : "[mediawiki-announce] 20170430 Security release 1.27.3 and 1.28.2", "refsource" : "", "tags" : [ "Patch", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html", "name" : "[mediawiki-announce] 20170430 Security release 1.27.3 and 1.28.2", "refsource" : "", "tags" : [ "Patch", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://phabricator.wikimedia.org/T158689", "name" : "https://phabricator.wikimedia.org/T158689", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://phabricator.wikimedia.org/T158689", "name" : "https://phabricator.wikimedia.org/T158689", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0372", "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0372", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2017-0372", "name" : "https://security-tracker.debian.org/tracker/CVE-2017-0372", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:1.27.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:1.28.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:1.28.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:1.27.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.23.15", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mediawiki:mediawiki:1.27.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-13T16:29Z", "lastModifiedDate" : "2024-11-21T03:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0431", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/96068", "name" : "96068", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/96068", "name" : "96068", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1037798", "name" : "1037798", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1037798", "name" : "1037798", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2017-02-01", "name" : "https://source.android.com/security/bulletin/2017-02-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2017-02-01", "name" : "https://source.android.com/security/bulletin/2017-02-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-32573899." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-05T18:29Z", "lastModifiedDate" : "2024-11-21T03:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0605", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-12T15:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0744", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100210", "name" : "100210", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100210", "name" : "100210", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2017-08-01", "name" : "https://source.android.com/security/bulletin/2017-08-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2017-08-01", "name" : "https://source.android.com/security/bulletin/2017-08-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An elevation of privilege vulnerability in the NVIDIA firmware processing code. Product: Android. Versions: Android kernel. Android ID: A-34112726. References: N-CVE-2017-0744." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-05T18:29Z", "lastModifiedDate" : "2024-11-21T03:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0748", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100210", "name" : "100210", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100210", "name" : "100210", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2017-08-01", "name" : "https://source.android.com/security/bulletin/2017-08-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2017-08-01", "name" : "https://source.android.com/security/bulletin/2017-08-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An information disclosure vulnerability in the Qualcomm audio driver. Product: Android. Versions: Android Kernel. Android ID: A-35764875. References: QC-CR#2029798." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-05T18:29Z", "lastModifiedDate" : "2024-11-21T03:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0751", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100210", "name" : "100210", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100210", "name" : "100210", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2017-08-01", "name" : "https://source.android.com/security/bulletin/2017-08-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2017-08-01", "name" : "https://source.android.com/security/bulletin/2017-08-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An elevation of privilege vulnerability in the Qualcomm QCE driver. Product: Android. Versions: Android kernel. Android ID: A-36591162. References: QC-CR#2045061." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-05T18:29Z", "lastModifiedDate" : "2024-11-21T03:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0846", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An information disclosure vulnerability in the Android framework (clipboardservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64934810." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0855", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-772" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102414", "name" : "102414", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102414", "name" : "102414", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In MPEG4Extractor.cpp, there are several places where functions return early without cleaning up internal buffers which could lead to memory leaks. This could lead to remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64452857." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0869", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" }, { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102374", "name" : "102374", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102374", "name" : "102374", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NVIDIA driver contains an integer overflow vulnerability which could cause a use after free and possibly lead to an elevation of privilege enabling code execution as a privileged process. This issue is rated as high. Version: N/A. Android ID: A-37776156. References: N-CVE-2017-0869." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T15:29Z", "lastModifiedDate" : "2024-11-21T03:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0908", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-16510. Reason: This candidate is a reservation duplicate of CVE-2017-16510. Notes: All CVE users should reference CVE-2017-16510 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-11-13T09:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0911", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://blog.twitter.com/developer/en_us/topics/tips/2018/vulnerability-in-twitter-kit-for-ios.html", "name" : "https://blog.twitter.com/developer/en_us/topics/tips/2018/vulnerability-in-twitter-kit-for-ios.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://blog.twitter.com/developer/en_us/topics/tips/2018/vulnerability-in-twitter-kit-for-ios.html", "name" : "https://blog.twitter.com/developer/en_us/topics/tips/2018/vulnerability-in-twitter-kit-for-ios.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/twitter/twitter-kit-ios/blob/b6eb49d149b056d826cbc4b53eaeb39a3ebd591e/TwitterKit/TwitterKit/Social/Identity/TWTRMobileSSO.m#L71", "name" : "https://github.com/twitter/twitter-kit-ios/blob/b6eb49d149b056d826cbc4b53eaeb39a3ebd591e/TwitterKit/TwitterKit/Social/Identity/TWTRMobileSSO.m#L71", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/twitter/twitter-kit-ios/blob/b6eb49d149b056d826cbc4b53eaeb39a3ebd591e/TwitterKit/TwitterKit/Social/Identity/TWTRMobileSSO.m#L71", "name" : "https://github.com/twitter/twitter-kit-ios/blob/b6eb49d149b056d826cbc4b53eaeb39a3ebd591e/TwitterKit/TwitterKit/Social/Identity/TWTRMobileSSO.m#L71", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/twitter/twitter-kit-ios/blob/b6eb49d149b056d826cbc4b53eaeb39a3ebd591e/TwitterKit/TwitterKit/TWTRTwitter.m#L411", "name" : "https://github.com/twitter/twitter-kit-ios/blob/b6eb49d149b056d826cbc4b53eaeb39a3ebd591e/TwitterKit/TwitterKit/TWTRTwitter.m#L411", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/twitter/twitter-kit-ios/blob/b6eb49d149b056d826cbc4b53eaeb39a3ebd591e/TwitterKit/TwitterKit/TWTRTwitter.m#L411", "name" : "https://github.com/twitter/twitter-kit-ios/blob/b6eb49d149b056d826cbc4b53eaeb39a3ebd591e/TwitterKit/TwitterKit/TWTRTwitter.m#L411", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/twitter/twitter-kit-ios/wiki/Changelog#322-november-28-2017", "name" : "https://github.com/twitter/twitter-kit-ios/wiki/Changelog#322-november-28-2017", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/twitter/twitter-kit-ios/wiki/Changelog#322-november-28-2017", "name" : "https://github.com/twitter/twitter-kit-ios/wiki/Changelog#322-november-28-2017", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://hackerone.com/reports/290229", "name" : "https://hackerone.com/reports/290229", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] }, { "url" : "https://hackerone.com/reports/290229", "name" : "https://hackerone.com/reports/290229", "refsource" : "", "tags" : [ "Permissions Required", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback verification flaw in the \"Login with Twitter\" component allowing an attacker to provide alternate credentials. In the final step of \"Login with Twitter\" authentication information is passed back to the application using the registered custom URL scheme (typically twitterkit-) on iOS. Because the callback handler did not verify the authenticity of the response, this step is vulnerable to forgery, potentially allowing attacker to associate a Twitter account with a third-party service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:twitter:twitter_kit:*:*:*:*:*:iphone_os:*:*", "versionStartIncluding" : "3.0", "versionEndIncluding" : "3.2.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.5 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-09T22:29Z", "lastModifiedDate" : "2024-11-21T03:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0912", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://community.ubnt.com/t5/UCRM/New-UCRM-upgrades-available-2-8-2-and-2-9-0-beta3/td-p/2211814", "name" : "https://community.ubnt.com/t5/UCRM/New-UCRM-upgrades-available-2-8-2-and-2-9-0-beta3/td-p/2211814", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://community.ubnt.com/t5/UCRM/New-UCRM-upgrades-available-2-8-2-and-2-9-0-beta3/td-p/2211814", "name" : "https://community.ubnt.com/t5/UCRM/New-UCRM-upgrades-available-2-8-2-and-2-9-0-beta3/td-p/2211814", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Ubiquiti UCRM versions 2.5.0 to 2.7.7 are vulnerable to Stored Cross-site Scripting. Due to the lack sanitization, it is possible to inject arbitrary HTML code by manipulating the uploaded filename. Successful exploitation requires valid credentials to an account with \"Edit\" access to \"Scheduling\"." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ui:ucrm:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.5.0", "versionEndIncluding" : "2.7.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-07-03T21:29Z", "lastModifiedDate" : "2024-11-21T03:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0913", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-732" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://community.ubnt.com/t5/UCRM/New-UCRM-upgrades-available-2-8-2-and-2-9-0-beta3/td-p/2211814", "name" : "https://community.ubnt.com/t5/UCRM/New-UCRM-upgrades-available-2-8-2-and-2-9-0-beta3/td-p/2211814", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://community.ubnt.com/t5/UCRM/New-UCRM-upgrades-available-2-8-2-and-2-9-0-beta3/td-p/2211814", "name" : "https://community.ubnt.com/t5/UCRM/New-UCRM-upgrades-available-2-8-2-and-2-9-0-beta3/td-p/2211814", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://hackerone.com/reports/301406", "name" : "https://hackerone.com/reports/301406", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://hackerone.com/reports/301406", "name" : "https://hackerone.com/reports/301406", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Successful exploitation requires valid credentials to an account with \"Edit\" access to \"System Customization\"." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ubnt:ucrm:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.3.0", "versionEndIncluding" : "2.7.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.7, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.0, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 1.9 }, "severity" : "LOW", "exploitabilityScore" : 3.4, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-03T21:29Z", "lastModifiedDate" : "2024-11-21T03:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0914", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "name" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "name" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://hackerone.com/reports/298176", "name" : "https://hackerone.com/reports/298176", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://hackerone.com/reports/298176", "name" : "https://hackerone.com/reports/298176", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component resulting in disclosure of all data in a GitLab instance's database." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "10.3.0", "versionEndIncluding" : "10.3.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "10.0.0", "versionEndIncluding" : "10.1.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "10.2.0", "versionEndIncluding" : "10.2.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "10.3.0", "versionEndIncluding" : "10.3.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "10.2.0", "versionEndIncluding" : "10.2.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "10.0.0", "versionEndIncluding" : "10.1.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "9.4.0", "versionEndIncluding" : "9.5.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "9.4.0", "versionEndIncluding" : "9.5.10", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-21T20:29Z", "lastModifiedDate" : "2024-11-21T03:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0915", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "name" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "name" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://hackerone.com/reports/298873", "name" : "https://hackerone.com/reports/298873", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://hackerone.com/reports/298873", "name" : "https://hackerone.com/reports/298873", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4145", "name" : "DSA-4145", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4145", "name" : "DSA-4145", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "10.3.0", "versionEndIncluding" : "10.3.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "10.0.0", "versionEndIncluding" : "10.1.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "10.2.0", "versionEndIncluding" : "10.2.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "10.3.0", "versionEndIncluding" : "10.3.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "10.2.0", "versionEndIncluding" : "10.2.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "10.0.0", "versionEndIncluding" : "10.1.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "8.9.0", "versionEndIncluding" : "9.5.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "8.9.0", "versionEndIncluding" : "9.5.10", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-21T20:29Z", "lastModifiedDate" : "2024-11-21T03:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0916", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "name" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "name" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://hackerone.com/reports/299473", "name" : "https://hackerone.com/reports/299473", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://hackerone.com/reports/299473", "name" : "https://hackerone.com/reports/299473", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4145", "name" : "DSA-4145", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4145", "name" : "DSA-4145", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "10.3.0", "versionEndIncluding" : "10.3.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "10.2.0", "versionEndIncluding" : "10.2.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "10.3.0", "versionEndIncluding" : "10.3.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "10.2.0", "versionEndIncluding" : "10.2.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "8.8.0", "versionEndIncluding" : "10.1.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "8.8.0", "versionEndIncluding" : "10.1.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-21T20:29Z", "lastModifiedDate" : "2024-11-21T03:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0917", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" }, { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "name" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "name" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://hackerone.com/reports/299525", "name" : "https://hackerone.com/reports/299525", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://hackerone.com/reports/299525", "name" : "https://hackerone.com/reports/299525", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4145", "name" : "DSA-4145", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4145", "name" : "DSA-4145", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the CI job component resulting in persistent cross site scripting." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "10.3.0", "versionEndIncluding" : "10.3.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "10.2.0", "versionEndIncluding" : "10.2.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "10.3.0", "versionEndIncluding" : "10.3.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "10.2.0", "versionEndIncluding" : "10.2.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "10.1.0", "versionEndIncluding" : "10.1.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "10.1.0", "versionEndIncluding" : "10.1.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-03-21T20:29Z", "lastModifiedDate" : "2024-11-21T03:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0918", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "name" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "name" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://hackerone.com/reports/301432", "name" : "https://hackerone.com/reports/301432", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://hackerone.com/reports/301432", "name" : "https://hackerone.com/reports/301432", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4145", "name" : "DSA-4145", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4145", "name" : "DSA-4145", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Gitlab Community Edition version 10.3 is vulnerable to a path traversal issue in the GitLab CI runner component resulting in remote code execution." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "8.4.0", "versionEndIncluding" : "9.5.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "8.4.0", "versionEndIncluding" : "9.5.10", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "10.0.0", "versionEndIncluding" : "10.1.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "10.0.0", "versionEndIncluding" : "10.1.15", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "10.2.0", "versionEndIncluding" : "10.2.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartExcluding" : "10.2.0", "versionEndIncluding" : "10.2.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "10.3.0", "versionEndIncluding" : "10.3.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartExcluding" : "10.3.0", "versionEndIncluding" : "10.3.3", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-21T20:29Z", "lastModifiedDate" : "2024-11-21T03:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0919", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-306" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://hackerone.com/reports/301137", "name" : "https://hackerone.com/reports/301137", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://hackerone.com/reports/301137", "name" : "https://hackerone.com/reports/301137", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the GitLab import component resulting in an attacker being able to perform operations under a group in which they were previously unauthorized." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "10.3.0", "versionEndExcluding" : "10.3.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "10.2.0", "versionEndExcluding" : "10.2.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "10.3.0", "versionEndExcluding" : "10.3.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "10.2.0", "versionEndExcluding" : "10.2.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionEndExcluding" : "10.1.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionEndExcluding" : "10.1.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-03T21:29Z", "lastModifiedDate" : "2024-11-21T03:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0920", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-863" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "name" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "name" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://hackerone.com/reports/301336", "name" : "https://hackerone.com/reports/301336", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://hackerone.com/reports/301336", "name" : "https://hackerone.com/reports/301336", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4206", "name" : "DSA-4206", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.debian.org/security/2018/dsa-4206", "name" : "DSA-4206", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects::MergeRequests::CreationsController component resulting in an attacker to see every project name and their respective namespace on a GitLab instance." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "8.8.0", "versionEndIncluding" : "10.1.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartExcluding" : "8.8.0", "versionEndIncluding" : "10.1.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "10.2.0", "versionEndIncluding" : "10.2.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartExcluding" : "10.2.0", "versionEndIncluding" : "10.2.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "10.3.0", "versionEndIncluding" : "10.3.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartExcluding" : "10.3.0", "versionEndIncluding" : "10.3.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-22T15:29Z", "lastModifiedDate" : "2024-11-21T03:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0921", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-640" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/", "name" : "https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/", "name" : "https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an unverified password change issue in the PasswordsController component resulting in potential account takeover if a victim's session is compromised." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "10.3.0", "versionEndExcluding" : "10.3.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "10.2.0", "versionEndExcluding" : "10.2.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "10.3.0", "versionEndExcluding" : "10.3.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "10.2.0", "versionEndExcluding" : "10.2.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionEndExcluding" : "10.1.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionEndExcluding" : "10.1.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-03T21:29Z", "lastModifiedDate" : "2024-11-21T03:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0922", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-863" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "name" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "name" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://hackerone.com/reports/301123", "name" : "https://hackerone.com/reports/301123", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://hackerone.com/reports/301123", "name" : "https://hackerone.com/reports/301123", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Gitlab Enterprise Edition version 10.3 is vulnerable to an authorization bypass issue in the GitLab Projects::BoardsController component resulting in an information disclosure on any board object." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "10.3.0", "versionEndIncluding" : "10.3.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "10.0.0", "versionEndIncluding" : "10.1.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "10.2.0", "versionEndIncluding" : "10.2.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "10.3.0", "versionEndIncluding" : "10.3.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "10.2.0", "versionEndIncluding" : "10.2.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "10.0.0", "versionEndIncluding" : "10.1.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "9.1.0", "versionEndIncluding" : "9.5.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "9.1.0", "versionEndIncluding" : "9.5.10", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-21T20:29Z", "lastModifiedDate" : "2024-11-21T03:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0923", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "name" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "name" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://hackerone.com/reports/293740", "name" : "https://hackerone.com/reports/293740", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://hackerone.com/reports/293740", "name" : "https://hackerone.com/reports/293740", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Gitlab Community Edition version 9.1 is vulnerable to lack of input validation in the IPython notebooks component resulting in persistent cross site scripting." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:9.5.10:*:*:*:community:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:10.1.5:*:*:*:community:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:10.2.5:*:*:*:community:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:10.3.3:*:*:*:community:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:9.5.10:*:*:*:enterprise:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:10.1.5:*:*:*:enterprise:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:10.2.5:*:*:*:enterprise:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:10.3.3:*:*:*:enterprise:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-03-21T20:29Z", "lastModifiedDate" : "2024-11-21T03:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0924", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "name" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "name" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://hackerone.com/reports/294099", "name" : "https://hackerone.com/reports/294099", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://hackerone.com/reports/294099", "name" : "https://hackerone.com/reports/294099", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Gitlab Community Edition version 10.2.4 is vulnerable to lack of input validation in the labels component resulting in persistent cross site scripting." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "10.3.0", "versionEndIncluding" : "10.3.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "10.0.0", "versionEndIncluding" : "10.1.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "10.2.0", "versionEndIncluding" : "10.2.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "10.3.0", "versionEndIncluding" : "10.3.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "10.2.0", "versionEndIncluding" : "10.2.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "10.0.0", "versionEndIncluding" : "10.1.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "9.0.0", "versionEndIncluding" : "9.5.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "9.0.0", "versionEndIncluding" : "9.5.10", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-03-21T20:29Z", "lastModifiedDate" : "2024-11-21T03:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0925", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-319" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "name" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "name" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://gitlab.com/gitlab-org/gitlab-ee/issues/3847", "name" : "https://gitlab.com/gitlab-org/gitlab-ee/issues/3847", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://gitlab.com/gitlab-org/gitlab-ee/issues/3847", "name" : "https://gitlab.com/gitlab-org/gitlab-ee/issues/3847", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4145", "name" : "DSA-4145", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4145", "name" : "DSA-4145", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Gitlab Enterprise Edition version 10.1.0 is vulnerable to an insufficiently protected credential issue in the project service integration API endpoint resulting in an information disclosure of plaintext password." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "10.3.0", "versionEndIncluding" : "10.3.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "10.0.0", "versionEndIncluding" : "10.1.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "10.2.0", "versionEndIncluding" : "10.2.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "10.3.0", "versionEndIncluding" : "10.3.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "10.2.0", "versionEndIncluding" : "10.2.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "10.0.0", "versionEndIncluding" : "10.1.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "8.0.0", "versionEndIncluding" : "9.5.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "8.0.0", "versionEndIncluding" : "9.5.10", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-21T20:29Z", "lastModifiedDate" : "2024-11-21T03:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0926", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-863" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "name" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "name" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/32198", "name" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/32198", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking" ] }, { "url" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/32198", "name" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/32198", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4145", "name" : "DSA-4145", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4145", "name" : "DSA-4145", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthorized user login." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "10.3.0", "versionEndIncluding" : "10.3.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "10.0.0", "versionEndIncluding" : "10.1.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "10.2.0", "versionEndIncluding" : "10.2.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "10.3.0", "versionEndIncluding" : "10.3.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "10.2.0", "versionEndIncluding" : "10.2.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "10.0.0", "versionEndIncluding" : "10.1.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "8.8.0", "versionEndIncluding" : "9.5.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "8.8.0", "versionEndIncluding" : "9.5.10", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-21T20:29Z", "lastModifiedDate" : "2024-11-21T03:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0927", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-863" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "name" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "name" : "https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/37594", "name" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/37594", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/37594", "name" : "https://gitlab.com/gitlab-org/gitlab-ce/issues/37594", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the deployment keys component resulting in unauthorized use of deployment keys by guest users." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "10.3.0", "versionEndIncluding" : "10.3.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "8.16.0", "versionEndIncluding" : "9.5.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "10.0.0", "versionEndIncluding" : "10.1.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "10.2.0", "versionEndIncluding" : "10.2.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "10.3.0", "versionEndIncluding" : "10.3.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "10.2.0", "versionEndIncluding" : "10.2.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "10.0.0", "versionEndIncluding" : "10.1.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "versionStartIncluding" : "8.16.0", "versionEndIncluding" : "9.5.10", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-21T20:29Z", "lastModifiedDate" : "2024-11-21T03:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0928", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-642" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/guardian/html-janitor/issues/35", "name" : "https://github.com/guardian/html-janitor/issues/35", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/guardian/html-janitor/issues/35", "name" : "https://github.com/guardian/html-janitor/issues/35", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://hackerone.com/reports/308158", "name" : "https://hackerone.com/reports/308158", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://hackerone.com/reports/308158", "name" : "https://hackerone.com/reports/308158", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the '_sanitized' variable causing sanitization to be bypassed." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:theguardian:html-janitor:2.0.2:*:*:*:*:node.js:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-06-04T19:29Z", "lastModifiedDate" : "2024-11-21T03:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0929", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-918" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/dnnsoftware/Dnn.Platform/commit/d3953db85fee77bb5e6383747692c507ef8b94c3", "name" : "https://github.com/dnnsoftware/Dnn.Platform/commit/d3953db85fee77bb5e6383747692c507ef8b94c3", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/dnnsoftware/Dnn.Platform/commit/d3953db85fee77bb5e6383747692c507ef8b94c3", "name" : "https://github.com/dnnsoftware/Dnn.Platform/commit/d3953db85fee77bb5e6383747692c507ef8b94c3", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dnnsoftware:dotnetnuke:*:*:*:*:*:*:*:*", "versionEndExcluding" : "9.2.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-03T21:29Z", "lastModifiedDate" : "2024-11-21T03:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0930", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://hackerone.com/reports/296282", "name" : "https://hackerone.com/reports/296282", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://hackerone.com/reports/296282", "name" : "https://hackerone.com/reports/296282", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "augustine node module suffers from a Path Traversal vulnerability due to lack of validation of url, which allows a malicious user to read content of any file with known path." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:augustine_project:augustine:0.2.3:*:*:*:*:node.js:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-06-04T19:29Z", "lastModifiedDate" : "2024-11-21T03:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0931", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/guardian/html-janitor/issues/34", "name" : "https://github.com/guardian/html-janitor/issues/34", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/guardian/html-janitor/issues/34", "name" : "https://github.com/guardian/html-janitor/issues/34", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://hackerone.com/reports/308155", "name" : "https://hackerone.com/reports/308155", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://hackerone.com/reports/308155", "name" : "https://hackerone.com/reports/308155", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "html-janitor node module suffers from a Cross-Site Scripting (XSS) vulnerability via clean() accepting user-controlled values." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:html-janitor_project:html-janitor:2.0.2:*:*:*:*:node.js:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-06-04T19:29Z", "lastModifiedDate" : "2024-11-21T03:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0932", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-269" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-security-release-v1-9-7-hotfix-3/ba-p/2054117", "name" : "https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-security-release-v1-9-7-hotfix-3/ba-p/2054117", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-security-release-v1-9-7-hotfix-3/ba-p/2054117", "name" : "https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-security-release-v1-9-7-hotfix-3/ba-p/2054117", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://hackerone.com/reports/239719", "name" : "https://hackerone.com/reports/239719", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://hackerone.com/reports/239719", "name" : "https://hackerone.com/reports/239719", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of validation on the input of the Feature functionality. An attacker with access to an operator (read-only) account and ssh connection to the devices could escalate privileges to admin (root) access in the system." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ubnt:edgeos:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.9.1.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-22T14:29Z", "lastModifiedDate" : "2024-11-21T03:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0933", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-release-v1-9-1-1/ba-p/1910524", "name" : "https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-release-v1-9-1-1/ba-p/1910524", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-release-v1-9-1-1/ba-p/1910524", "name" : "https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-release-v1-9-1-1/ba-p/1910524", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://hackerone.com/reports/240098", "name" : "https://hackerone.com/reports/240098", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://hackerone.com/reports/240098", "name" : "https://hackerone.com/reports/240098", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a Cross-Site Request Forgery (CSRF) vulnerability. An attacker with access to an operator (read-only) account could lure an admin (root) user to access the attacker-controlled page, allowing the attacker to gain admin privileges in the system." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ubnt:edgeos:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.9.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.0, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.1, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 8.5 }, "severity" : "HIGH", "exploitabilityScore" : 6.8, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-03-22T14:29Z", "lastModifiedDate" : "2024-11-21T03:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0934", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-269" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-release-v1-9-1-1/ba-p/1910524", "name" : "https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-release-v1-9-1-1/ba-p/1910524", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-release-v1-9-1-1/ba-p/1910524", "name" : "https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-release-v1-9-1-1/ba-p/1910524", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://hackerone.com/reports/241044", "name" : "https://hackerone.com/reports/241044", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://hackerone.com/reports/241044", "name" : "https://hackerone.com/reports/241044", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator (read-only) account could escalate privileges to admin (root) access in the system." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ubnt:edgeos:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.9.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-22T14:29Z", "lastModifiedDate" : "2024-11-21T03:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0935", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-269" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-security-release-v1-9-7-hotfix-3/ba-p/2054117", "name" : "https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-security-release-v1-9-7-hotfix-3/ba-p/2054117", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-security-release-v1-9-7-hotfix-3/ba-p/2054117", "name" : "https://community.ubnt.com/t5/EdgeMAX-Updates-Blog/EdgeMAX-EdgeRouter-software-security-release-v1-9-7-hotfix-3/ba-p/2054117", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://hackerone.com/reports/242407", "name" : "https://hackerone.com/reports/242407", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://hackerone.com/reports/242407", "name" : "https://hackerone.com/reports/242407", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an Improper Privilege Management vulnerability due to the lack of protection of the file system leading to sensitive information being exposed. An attacker with access to an operator (read-only) account could escalate privileges to admin (root) access in the system." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ui:edgeos:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.9.1.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-22T14:29Z", "lastModifiedDate" : "2024-11-21T03:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0936", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-639" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://hackerone.com/reports/297751", "name" : "https://hackerone.com/reports/297751", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://hackerone.com/reports/297751", "name" : "https://hackerone.com/reports/297751", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://nextcloud.com/security/advisory/?id=nc-sa-2018-001", "name" : "https://nextcloud.com/security/advisory/?id=nc-sa-2018-001", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://nextcloud.com/security/advisory/?id=nc-sa-2018-001", "name" : "https://nextcloud.com/security/advisory/?id=nc-sa-2018-001", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves where neither disclosed nor could the error be misused to identify as another user." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*", "versionEndExcluding" : "11.0.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nextcloud:nextcloud_server:12.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.7, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.1, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.9 }, "severity" : "MEDIUM", "exploitabilityScore" : 6.8, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-03-28T20:29Z", "lastModifiedDate" : "2024-11-21T03:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0938", "ASSIGNER" : "support@hackerone.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522", "name" : "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522", "name" : "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v6-0-7-Has-Been-Released/ba-p/2056522", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-3-2-Has-Been-Released/ba-p/2049215", "name" : "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-3-2-Has-Been-Released/ba-p/2049215", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-3-2-Has-Been-Released/ba-p/2049215", "name" : "https://community.ubnt.com/t5/airMAX-Updates-Blog/airOS-v8-3-2-Has-Been-Released/ba-p/2049215", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://hackerone.com/reports/221625", "name" : "https://hackerone.com/reports/221625", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://hackerone.com/reports/221625", "name" : "https://hackerone.com/reports/221625", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Denial of Service attack in airMAX < 8.3.2 , airMAX < 6.0.7 and EdgeMAX < 1.9.7 allow attackers to use the Discovery Protocol in amplification attacks." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ui:airos:*:*:*:*:*:*:*:*", "versionEndExcluding" : "6.0.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ui:airmax_ac:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ui:airos:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0.7", "versionEndExcluding" : "8.3.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ui:airmax_ac:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ui:edgemax_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.9.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ui:edgemax:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-02-12T22:29Z", "lastModifiedDate" : "2024-11-21T03:03Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0981", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0982", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0983", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0984", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0985", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0986", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0987", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0988", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0989", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0990", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0991", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0992", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0993", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0994", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0995", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0996", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0997", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0998", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-0999", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:41Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000000", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. This issue lacks details and cannot be determined if it is a security issue or not. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-02-19T15:15Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000019", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-5938. Reason: This candidate is a reservation duplicate of CVE-2017-5938. Notes: All CVE users should reference CVE-2017-5938 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-07T20:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000036", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to lack of a reference providing provenance. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-07-17T13:18Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000040", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-7853. Reason: This candidate is a reservation duplicate of CVE-2017-7853. Notes: All CVE users should reference CVE-2017-7853 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-07T20:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000041", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-7271. Reason: This candidate is a reservation duplicate of CVE-2017-7271. Notes: All CVE users should reference CVE-2017-7271 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-05-07T20:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000045", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to lack of a reference providing provenance. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-07-17T13:18Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000049", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-8864. Reason: This candidate is a reservation duplicate of CVE-2015-8864. Notes: All CVE users should reference CVE-2015-8864 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-07-17T13:18Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000055", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-07-17T13:18Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000057", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to lack of a reference providing provenance. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-07-17T13:18Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000076", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to lack of a reference providing provenance. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-10-05T01:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000077", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to lack of a reference providing provenance. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-10-05T01:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000123", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-12425. Reason: This candidate is a reservation duplicate of CVE-2017-12425. Notes: All CVE users should reference CVE-2017-12425 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-08-21T00:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000124", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11366. Reason: This candidate is a reservation duplicate of CVE-2017-11366. Notes: All CVE users should reference CVE-2017-11366 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-08-21T01:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000141", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-640" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugs.launchpad.net/mahara/+bug/1422492", "name" : "https://bugs.launchpad.net/mahara/+bug/1422492", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugs.launchpad.net/mahara/+bug/1422492", "name" : "https://bugs.launchpad.net/mahara/+bug/1422492", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in Mahara before 18.10.0. It mishandled user requests that could discontinue a user's ability to maintain their own account (changing username, changing primary email address, deleting account). The correct behavior was to either prompt them for their password and/or send a warning to their primary email address." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*", "versionEndExcluding" : "18.10.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 2.5 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-30T19:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000161", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to lack of a reference providing provenance. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-11-17T19:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000162", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-12474, CVE-2017-12475, CVE-2017-12476. Reason: This candidate is a reservation duplicate of CVE-2017-12474, CVE-2017-12475, and CVE-2017-12476. Notes: All CVE users should reference CVE-2017-12474, CVE-2017-12475, and/or CVE-2017-12476 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-08-21T00:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000165", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11366. Reason: This candidate is a reservation duplicate of CVE-2017-11366. Notes: All CVE users should reference CVE-2017-11366 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-08-21T00:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000166", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the Primary CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-08-21T00:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000167", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the Primary CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-08-21T00:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000175", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the Primary CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-08-20T22:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000177", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11097. Reason: This candidate is a reservation duplicate of CVE-2017-11097. Notes: All CVE users should reference CVE-2017-11097 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-08-20T22:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000178", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11096. Reason: This candidate is a reservation duplicate of CVE-2017-11096. Notes: All CVE users should reference CVE-2017-11096 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-08-20T22:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000179", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11101. Reason: This candidate is a reservation duplicate of CVE-2017-11101. Notes: All CVE users should reference CVE-2017-11101 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-08-20T22:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000180", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11100. Reason: This candidate is a reservation duplicate of CVE-2017-11100. Notes: All CVE users should reference CVE-2017-11100 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-08-20T22:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000181", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-10976. Reason: This candidate is a reservation duplicate of CVE-2017-10976. Notes: All CVE users should reference CVE-2017-10976 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-08-20T22:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000183", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11099. Reason: This candidate is a reservation duplicate of CVE-2017-11099. Notes: All CVE users should reference CVE-2017-11099 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-08-20T22:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000184", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11098. Reason: This candidate is a reservation duplicate of CVE-2017-11098. Notes: All CVE users should reference CVE-2017-11098 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-08-20T22:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000202", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-12933. Reason: This candidate is a reservation duplicate of CVE-2017-12933. Notes: All CVE users should reference CVE-2017-12933 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-08-21T00:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000204", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-9920. Reason: This candidate is a reservation duplicate of CVE-2016-9920. Notes: All CVE users should reference CVE-2016-9920 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-11-17T20:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000205", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-9091. Reason: This candidate is a reservation duplicate of CVE-2017-9091. Notes: All CVE users should reference CVE-2017-9091 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-08-21T00:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000216", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11104. Reason: This candidate is a reservation duplicate of CVE-2017-11104. Notes: All CVE users should reference CVE-2017-11104 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-08-21T00:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000222", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to lack of a reference providing provenance. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-11-17T18:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000233", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11667. Reason: This candidate is a reservation duplicate of CVE-2017-11667. Notes: All CVE users should reference CVE-2017-11667 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-11-17T18:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000353", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-502" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/159266/Jenkins-2.56-CLI-Deserialization-Code-Execution.html", "name" : "http://packetstormsecurity.com/files/159266/Jenkins-2.56-CLI-Deserialization-Code-Execution.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/159266/Jenkins-2.56-CLI-Deserialization-Code-Execution.html", "name" : "http://packetstormsecurity.com/files/159266/Jenkins-2.56-CLI-Deserialization-Code-Execution.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/98056", "name" : "98056", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://www.securityfocus.com/bid/98056", "name" : "98056", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://jenkins.io/security/advisory/2017-04-26/", "name" : "https://jenkins.io/security/advisory/2017-04-26/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://jenkins.io/security/advisory/2017-04-26/", "name" : "https://jenkins.io/security/advisory/2017-04-26/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/41965/", "name" : "41965", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/41965/", "name" : "41965", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.oracle.com/security-alerts/cpuapr2022.html", "name" : "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://www.oracle.com/security-alerts/cpuapr2022.html", "name" : "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java `SignedObject` object to the Jenkins CLI, that would be deserialized using a new `ObjectInputStream`, bypassing the existing blacklist-based protection mechanism. We're fixing this issue by adding `SignedObject` to the blacklist. We're also backporting the new HTTP CLI protocol from Jenkins 2.54 to LTS 2.46.2, and deprecating the remoting-based (i.e. Java serialization) CLI protocol, disabling it by default." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.56", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "versionEndIncluding" : "2.46.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-29T17:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000354", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/98065", "name" : "98065", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/98065", "name" : "98065", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://jenkins.io/security/advisory/2017-04-26/", "name" : "https://jenkins.io/security/advisory/2017-04-26/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://jenkins.io/security/advisory/2017-04-26/", "name" : "https://jenkins.io/security/advisory/2017-04-26/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. The `login` command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to authenticate further commands. Users with sufficient permission to create secrets in Jenkins, and download their encrypted values (e.g. with Job/Configure permission), were able to impersonate any other Jenkins user on the same instance." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.56", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "versionEndIncluding" : "2.46.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-29T17:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000355", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-502" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/98066", "name" : "98066", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/98066", "name" : "98066", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://jenkins.io/security/advisory/2017-04-26/", "name" : "https://jenkins.io/security/advisory/2017-04-26/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://jenkins.io/security/advisory/2017-04-26/", "name" : "https://jenkins.io/security/advisory/2017-04-26/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.56", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "versionEndIncluding" : "2.46.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-29T17:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000356", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/98062", "name" : "98062", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/98062", "name" : "98062", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://jenkins.io/security/advisory/2017-04-26/", "name" : "https://jenkins.io/security/advisory/2017-04-26/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://jenkins.io/security/advisory/2017-04-26/", "name" : "https://jenkins.io/security/advisory/2017-04-26/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an issue in the Jenkins user database authentication realm: create an account if signup is enabled; or create an account if the victim is an administrator, possibly deleting the existing default admin user in the process and allowing a wide variety of impacts." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.56", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "versionEndIncluding" : "2.46.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-29T17:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000384", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-16355. Reason: This candidate is a reservation duplicate of CVE-2017-16355. Notes: All CVE users should reference CVE-2017-16355 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-12-15T10:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000386", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101538", "name" : "101538", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101538", "name" : "101538", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://jenkins.io/security/advisory/2017-10-23/", "name" : "https://jenkins.io/security/advisory/2017-10-23/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://jenkins.io/security/advisory/2017-10-23/", "name" : "https://jenkins.io/security/advisory/2017-10-23/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Jenkins Active Choices plugin version 1.5.3 and earlier allowed users with Job/Configure permission to provide arbitrary HTML to be shown on the 'Build With Parameters' page through the 'Active Choices Reactive Reference Parameter' type. This could include, for example, arbitrary JavaScript. Active Choices now sanitizes the HTML inserted on the 'Build With Parameters' page if and only if the script is executed in a sandbox. As unsandboxed scripts are subject to administrator approval, it is up to the administrator to allow or disallow problematic script output." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:active_choices:*:*:*:*:*:jenkins:*:*", "versionEndIncluding" : "1.5.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:active_choices:1.5.3:-:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:active_choices:1.5.3:alpha:*:*:*:jenkins:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-26T02:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000387", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-522" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101544", "name" : "101544", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101544", "name" : "101544", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://jenkins.io/security/advisory/2017-10-23/", "name" : "https://jenkins.io/security/advisory/2017-10-23/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://jenkins.io/security/advisory/2017-10-23/", "name" : "https://jenkins.io/security/advisory/2017-10-23/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Jenkins Build-Publisher plugin version 1.21 and earlier stores credentials to other Jenkins instances in the file hudson.plugins.build_publisher.BuildPublisher.xml in the Jenkins master home directory. These credentials were stored unencrypted, allowing anyone with local file system access to access them. Additionally, the credentials were also transmitted in plain text as part of the configuration form. This could result in exposure of the credentials through browser extensions, cross-site scripting vulnerabilities, and similar situations." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:build-publisher:*:*:*:*:*:jenkins:*:*", "versionEndIncluding" : "1.21", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-26T02:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000388", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jenkins.io/security/advisory/2017-10-23/", "name" : "https://jenkins.io/security/advisory/2017-10-23/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://jenkins.io/security/advisory/2017-10-23/", "name" : "https://jenkins.io/security/advisory/2017-10-23/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not perform permission checks for the API endpoint that modifies the dependency graph, allowing anyone with Overall/Read permission to modify this data." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:dependency_graph_viewer:*:*:*:*:*:jenkins:*:*", "versionEndIncluding" : "0.12", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-26T02:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000389", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jenkins.io/security/advisory/2017-10-23/", "name" : "https://jenkins.io/security/advisory/2017-10-23/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://jenkins.io/security/advisory/2017-10-23/", "name" : "https://jenkins.io/security/advisory/2017-10-23/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Some URLs provided by Jenkins global-build-stats plugin version 1.4 and earlier returned a JSON response that contained request parameters. These responses had the Content Type: text/html, so could have been interpreted as HTML by clients, resulting in a potential reflected cross-site scripting vulnerability. Additionally, some URLs provided by global-build-stats plugin that modify data did not require POST requests to be sent, resulting in a potential cross-site request forgery vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:global-build-stats:*:*:*:*:*:jenkins:*:*", "versionEndIncluding" : "1.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-26T02:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000390", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102824", "name" : "102824", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102824", "name" : "102824", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://jenkins.io/security/advisory/2017-10-23/", "name" : "https://jenkins.io/security/advisory/2017-10-23/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://jenkins.io/security/advisory/2017-10-23/", "name" : "https://jenkins.io/security/advisory/2017-10-23/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Jenkins Multijob plugin version 1.25 and earlier did not check permissions in the Resume Build action, allowing anyone with Job/Read permission to resume the build." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:multijob:*:*:*:*:*:jenkins:*:*", "versionEndIncluding" : "1.25", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-26T02:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000391", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101773", "name" : "101773", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101773", "name" : "101773", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://jenkins.io/security/advisory/2017-11-08/", "name" : "https://jenkins.io/security/advisory/2017-11-08/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://jenkins.io/security/advisory/2017-11-08/", "name" : "https://jenkins.io/security/advisory/2017-11-08/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Jenkins versions 2.88 and earlier and 2.73.2 and earlier stores metadata related to 'people', which encompasses actual user accounts, as well as users appearing in SCM, in directories corresponding to the user ID on disk. These directories used the user ID for their name without additional escaping, potentially resulting in problems like overwriting of unrelated configuration files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "versionEndIncluding" : "2.73.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", "versionEndIncluding" : "2.88", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.3, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.1, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.9 }, "severity" : "MEDIUM", "exploitabilityScore" : 6.8, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-26T02:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000392", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101773", "name" : "101773", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101773", "name" : "101773", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102826", "name" : "102826", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102826", "name" : "102826", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://jenkins.io/security/advisory/2017-11-08/", "name" : "https://jenkins.io/security/advisory/2017-11-08/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://jenkins.io/security/advisory/2017-11-08/", "name" : "https://jenkins.io/security/advisory/2017-11-08/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Jenkins 2.88 and earlier; 2.73.2 and earlier Autocompletion suggestions for text fields were not escaped, resulting in a persisted cross-site scripting vulnerability if the source for the suggestions allowed specifying text that includes HTML metacharacters like less-than and greater-than characters." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "versionEndIncluding" : "2.73.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", "versionEndIncluding" : "2.88", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-26T02:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000393", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jenkins.io/security/advisory/2017-10-11/", "name" : "https://jenkins.io/security/advisory/2017-10-11/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://jenkins.io/security/advisory/2017-10-11/", "name" : "https://jenkins.io/security/advisory/2017-10-11/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to create or configure agents in Jenkins could configure a launch method called 'Launch agent via execution of command on master'. This allowed them to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of this launch method now requires the Run Scripts permission typically only granted to administrators." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "versionEndIncluding" : "2.73.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", "versionEndIncluding" : "2.83", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-26T02:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000394", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jenkins.io/security/advisory/2017-10-11/", "name" : "https://jenkins.io/security/advisory/2017-10-11/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://jenkins.io/security/advisory/2017-10-11/", "name" : "https://jenkins.io/security/advisory/2017-10-11/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-fileupload library with the denial-of-service vulnerability known as CVE-2016-3092. The fix for that vulnerability has been backported to the version of the library bundled with Jenkins." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "versionEndIncluding" : "2.73.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", "versionEndIncluding" : "2.83", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-26T02:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000395", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jenkins.io/security/advisory/2017-10-11/", "name" : "https://jenkins.io/security/advisory/2017-10-11/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://jenkins.io/security/advisory/2017-10-11/", "name" : "https://jenkins.io/security/advisory/2017-10-11/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Jenkins 2.73.1 and earlier, 2.83 and earlier provides information about Jenkins user accounts which is generally available to anyone with Overall/Read permissions via the /user/(username)/api remote API. This included e.g. Jenkins users' email addresses if the Mailer Plugin is installed. The remote API now no longer includes information beyond the most basic (user ID and name) unless the user requesting it is a Jenkins administrator." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "versionEndIncluding" : "2.73.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", "versionEndIncluding" : "2.83", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-26T02:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000396", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-295" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jenkins.io/security/advisory/2017-10-11/", "name" : "https://jenkins.io/security/advisory/2017-10-11/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://jenkins.io/security/advisory/2017-10-11/", "name" : "https://jenkins.io/security/advisory/2017-10-11/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. This library is widely used as a transitive dependency in Jenkins plugins. The fix for CVE-2012-6153 was backported to the version of commons-httpclient that is bundled in core and made available to plugins." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "versionEndIncluding" : "2.73.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", "versionEndIncluding" : "2.83", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-26T02:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000397", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jenkins.io/security/advisory/2017-10-11/", "name" : "https://jenkins.io/security/advisory/2017-10-11/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://jenkins.io/security/advisory/2017-10-11/", "name" : "https://jenkins.io/security/advisory/2017-10-11/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Jenkins Maven Plugin 2.17 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. Maven Plugin 3.0 no longer has a dependency on commons-httpclient." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:maven:*:*:*:*:*:jenkins:*:*", "versionEndIncluding" : "2.17", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-26T02:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000398", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jenkins.io/security/advisory/2017-10-11/", "name" : "https://jenkins.io/security/advisory/2017-10-11/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://jenkins.io/security/advisory/2017-10-11/", "name" : "https://jenkins.io/security/advisory/2017-10-11/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The remote API in Jenkins 2.73.1 and earlier, 2.83 and earlier at /computer/(agent-name)/api showed information about tasks (typically builds) currently running on that agent. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read permission. This has been fixed, and the API now only shows information about accessible tasks." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "versionEndIncluding" : "2.73.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", "versionEndIncluding" : "2.83", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-26T02:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000399", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jenkins.io/security/advisory/2017-10-11/", "name" : "https://jenkins.io/security/advisory/2017-10-11/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://jenkins.io/security/advisory/2017-10-11/", "name" : "https://jenkins.io/security/advisory/2017-10-11/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /queue/item/(ID)/api showed information about tasks in the queue (typically builds waiting to start). This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read permission. This has been fixed, and the API endpoint is now only available for tasks that the current user has access to." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "versionEndIncluding" : "2.73.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", "versionEndIncluding" : "2.83", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-26T02:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000400", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jenkins.io/security/advisory/2017-10-11/", "name" : "https://jenkins.io/security/advisory/2017-10-11/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://jenkins.io/security/advisory/2017-10-11/", "name" : "https://jenkins.io/security/advisory/2017-10-11/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at /job/(job-name)/api contained information about upstream and downstream projects. This included information about tasks that the current user otherwise has no access to, e.g. due to lack of Item/Read permission. This has been fixed, and the API now only lists upstream and downstream projects that the current user has access to." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "versionEndIncluding" : "2.73.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", "versionEndIncluding" : "2.83", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-26T02:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000401", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jenkins.io/security/advisory/2017-10-11/", "name" : "https://jenkins.io/security/advisory/2017-10-11/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://jenkins.io/security/advisory/2017-10-11/", "name" : "https://jenkins.io/security/advisory/2017-10-11/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control for passwords and other secrets, , supports form validation (e.g. for API keys). The form validation AJAX requests were sent via GET, which could result in secrets being logged to a HTTP access log in non-default configurations of Jenkins, and made available to users with access to these log files. Form validation for is now always sent via POST, which is typically not logged." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "versionEndIncluding" : "2.73.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", "versionEndIncluding" : "2.83", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.2, "baseSeverity" : "LOW" }, "exploitabilityScore" : 0.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:H/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 1.2 }, "severity" : "LOW", "exploitabilityScore" : 1.9, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-26T02:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000402", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jenkins.io/security/advisory/2017-10-11/", "name" : "https://jenkins.io/security/advisory/2017-10-11/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://jenkins.io/security/advisory/2017-10-11/", "name" : "https://jenkins.io/security/advisory/2017-10-11/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Jenkins Swarm Plugin Client 3.4 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:swarm:*:*:*:*:*:jenkins:*:*", "versionEndIncluding" : "3.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-26T02:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000403", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-732" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jenkins.io/security/advisory/2017-10-11/", "name" : "https://jenkins.io/security/advisory/2017-10-11/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://jenkins.io/security/advisory/2017-10-11/", "name" : "https://jenkins.io/security/advisory/2017-10-11/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Jenkins Speaks! Plugin, all current versions, allows users with Job/Configure permission to run arbitrary Groovy code inside the Jenkins JVM, effectively elevating privileges to Overall/Run Scripts." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:speaks\\!:*:*:*:*:*:jenkins:*:*", "versionEndIncluding" : "0.1.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-26T02:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000404", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101927", "name" : "101927", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101927", "name" : "101927", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://jenkins.io/security/advisory/2017-11-16/", "name" : "https://jenkins.io/security/advisory/2017-11-16/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://jenkins.io/security/advisory/2017-11-16/", "name" : "https://jenkins.io/security/advisory/2017-11-16/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used the unescaped content of the query parameter 'fullscreen' in its JavaScript, resulting in a cross-site scripting vulnerability through specially crafted URLs." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:delivery_pipeline:*:*:*:*:*:jenkins:*:*", "versionEndIncluding" : "1.0.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-26T02:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000408", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-772" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/oss-sec/2017/q4/385", "name" : "[oss-security] 20171211 Qualys Security Advisory - Buffer overflow in glibc's ld.so", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2017/q4/385", "name" : "[oss-security] 20171211 Qualys Security Advisory - Buffer overflow in glibc's ld.so", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2019/06/27/7", "name" : "[oss-security] 20190627 Re: linux-distros membership application - Microsoft", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.openwall.com/lists/oss-security/2019/06/27/7", "name" : "[oss-security] 20190627 Re: linux-distros membership application - Microsoft", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.openwall.com/lists/oss-security/2019/06/28/1", "name" : "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.openwall.com/lists/oss-security/2019/06/28/1", "name" : "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.openwall.com/lists/oss-security/2019/06/28/2", "name" : "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.openwall.com/lists/oss-security/2019/06/28/2", "name" : "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", "refsource" : "", "tags" : [ ] }, { "url" : "https://security.netapp.com/advisory/ntap-20190404-0003/", "name" : "https://security.netapp.com/advisory/ntap-20190404-0003/", "refsource" : "", "tags" : [ ] }, { "url" : "https://security.netapp.com/advisory/ntap-20190404-0003/", "name" : "https://security.netapp.com/advisory/ntap-20190404-0003/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.exploit-db.com/exploits/43331/", "name" : "43331", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/43331/", "name" : "43331", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:glibc:2.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-01T04:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000409", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/oss-sec/2017/q4/385", "name" : "[oss-security] 20171211 Qualys Security Advisory - Buffer overflow in glibc's ld.so", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2017/q4/385", "name" : "[oss-security] 20171211 Qualys Security Advisory - Buffer overflow in glibc's ld.so", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://security.netapp.com/advisory/ntap-20190404-0003/", "name" : "https://security.netapp.com/advisory/ntap-20190404-0003/", "refsource" : "", "tags" : [ ] }, { "url" : "https://security.netapp.com/advisory/ntap-20190404-0003/", "name" : "https://security.netapp.com/advisory/ntap-20190404-0003/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.exploit-db.com/exploits/43331/", "name" : "43331", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/43331/", "name" : "43331", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:glibc:2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.0, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.0, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 6.9 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.4, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-01T04:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000411", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-404" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/oss-sec/2018/q1/52", "name" : "[oss-security] 20180116 opendaylight-advisory: Multiple \"expired\" flows consume the memory resource of CONFIG DS", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2018/q1/52", "name" : "[oss-security] 20180116 opendaylight-advisory: Multiple \"expired\" flows consume the memory resource of CONFIG DS", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/102736", "name" : "102736", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102736", "name" : "102736", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when multiple 'expired' flows take up the memory resource of CONFIG DATASTORE which leads to CONTROLLER shutdown. If multiple different flows with 'idle-timeout' and 'hard-timeout' are sent to the Openflow Plugin REST API, the expired flows will eventually crash the controller once its resource allocations set with the JVM size are exceeded. Although the installed flows (with timeout set) are removed from network (and thus also from controller's operations DS), the expired entries are still present in CONFIG DS. The attack can originate both from NORTH or SOUTH. The above description is for a north bound attack. A south bound attack can originate when an attacker attempts a flow flooding attack and since flows come with timeouts, the attack is not successful. However, the attacker will now be successful in CONTROLLER overflow attack (resource consumption). Although, the network (actual flow tables) and operational DS are only (~)1% occupied, the controller requests for resource consumption. This happens because the installed flows get removed from the network upon timeout." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opendaylight:opendaylight:carbon:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opendaylight:opendaylight:boron:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opendaylight:opendaylight:nitrogen:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opendaylight:openflow:nitrogen:*:*:*:*:opendaylight:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opendaylight:openflow:carbon:*:*:*:*:opendaylight:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opendaylight:openflow:boron:*:*:*:*:opendaylight:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-31T14:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000412", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/OP-TEE/optee_os/blob/2.5.0/CHANGELOG.md", "name" : "https://github.com/OP-TEE/optee_os/blob/2.5.0/CHANGELOG.md", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/OP-TEE/optee_os/blob/2.5.0/CHANGELOG.md", "name" : "https://github.com/OP-TEE/optee_os/blob/2.5.0/CHANGELOG.md", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/OP-TEE/optee_os/pull/1610", "name" : "https://github.com/OP-TEE/optee_os/pull/1610", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/OP-TEE/optee_os/pull/1610", "name" : "https://github.com/OP-TEE/optee_os/pull/1610", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.op-tee.org/security-advisories/", "name" : "https://www.op-tee.org/security-advisories/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.op-tee.org/security-advisories/", "name" : "https://www.op-tee.org/security-advisories/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable to the bellcore attack in the LibTomCrypt code resulting in compromised private RSA key." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:linaro:op-tee:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.4.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-02T17:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000413", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/OP-TEE/optee_os/blob/2.5.0/CHANGELOG.md", "name" : "https://github.com/OP-TEE/optee_os/blob/2.5.0/CHANGELOG.md", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/OP-TEE/optee_os/blob/2.5.0/CHANGELOG.md", "name" : "https://github.com/OP-TEE/optee_os/blob/2.5.0/CHANGELOG.md", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/OP-TEE/optee_os/pull/1610", "name" : "https://github.com/OP-TEE/optee_os/pull/1610", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/OP-TEE/optee_os/pull/1610", "name" : "https://github.com/OP-TEE/optee_os/pull/1610", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.op-tee.org/security-advisories/", "name" : "https://www.op-tee.org/security-advisories/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.op-tee.org/security-advisories/", "name" : "https://www.op-tee.org/security-advisories/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable a timing attack in the Montgomery parts of libMPA in OP-TEE resulting in a compromised private RSA key." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:linaro:op-tee:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.4.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-02T17:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000414", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-369" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/ImpulseAdventure/JPEGsnoop/commit/b4e458612d4294e0cfe01dbf1c0b09a07a8133a4#diff-cf9182aecc9d630e8db2e0e35f1eec65", "name" : "https://github.com/ImpulseAdventure/JPEGsnoop/commit/b4e458612d4294e0cfe01dbf1c0b09a07a8133a4#diff-cf9182aecc9d630e8db2e0e35f1eec65", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/ImpulseAdventure/JPEGsnoop/commit/b4e458612d4294e0cfe01dbf1c0b09a07a8133a4#diff-cf9182aecc9d630e8db2e0e35f1eec65", "name" : "https://github.com/ImpulseAdventure/JPEGsnoop/commit/b4e458612d4294e0cfe01dbf1c0b09a07a8133a4#diff-cf9182aecc9d630e8db2e0e35f1eec65", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.impulseadventure.com/photo/jpeg-snoop-history.html", "name" : "https://www.impulseadventure.com/photo/jpeg-snoop-history.html", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://www.impulseadventure.com/photo/jpeg-snoop-history.html", "name" : "https://www.impulseadventure.com/photo/jpeg-snoop-history.html", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ImpulseAdventure JPEGsnoop version 1.7.5 is vulnerable to a division by zero in the JFIF decode handling resulting denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:impulseadventure:jpegsnoop:1.7.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-25T16:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000415", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-295" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.ieee-security.org/TC/SP2017/papers/231.pdf", "name" : "https://www.ieee-security.org/TC/SP2017/papers/231.pdf", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.ieee-security.org/TC/SP2017/papers/231.pdf", "name" : "https://www.ieee-security.org/TC/SP2017/papers/231.pdf", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.youtube.com/watch?v=FW--c_F_cY8", "name" : "https://www.youtube.com/watch?v=FW--c_F_cY8", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.youtube.com/watch?v=FW--c_F_cY8", "name" : "https://www.youtube.com/watch?v=FW--c_F_cY8", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process resulting in some certificates have their expiration (beginning) year extended (delayed) by 100 years." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:matrixssl:matrixssl:3.7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-09T20:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000416", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-193" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.ieee-security.org/TC/SP2017/papers/231.pdf", "name" : "https://www.ieee-security.org/TC/SP2017/papers/231.pdf", "refsource" : "", "tags" : [ "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.ieee-security.org/TC/SP2017/papers/231.pdf", "name" : "https://www.ieee-security.org/TC/SP2017/papers/231.pdf", "refsource" : "", "tags" : [ "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.youtube.com/watch?v=FW--c_F_cY8", "name" : "https://www.youtube.com/watch?v=FW--c_F_cY8", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.youtube.com/watch?v=FW--c_F_cY8", "name" : "https://www.youtube.com/watch?v=FW--c_F_cY8", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting in the year (19)50 of UTCTime being misinterpreted as 2050." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:axtls_project:axtls:1.5.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-22T23:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000417", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-295" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/matrixssl/matrixssl/blob/master/doc/CHANGES.md", "name" : "https://github.com/matrixssl/matrixssl/blob/master/doc/CHANGES.md", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://github.com/matrixssl/matrixssl/blob/master/doc/CHANGES.md", "name" : "https://github.com/matrixssl/matrixssl/blob/master/doc/CHANGES.md", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://www.ieee-security.org/TC/SP2017/papers/231.pdf", "name" : "https://www.ieee-security.org/TC/SP2017/papers/231.pdf", "refsource" : "", "tags" : [ "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.ieee-security.org/TC/SP2017/papers/231.pdf", "name" : "https://www.ieee-security.org/TC/SP2017/papers/231.pdf", "refsource" : "", "tags" : [ "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.youtube.com/watch?v=FW--c_F_cY8", "name" : "https://www.youtube.com/watch?v=FW--c_F_cY8", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.youtube.com/watch?v=FW--c_F_cY8", "name" : "https://www.youtube.com/watch?v=FW--c_F_cY8", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic resulting in possible spoofing of OIDs (e.g. in ExtKeyUsage extension) on X.509 certificates." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:matrixssl:matrixssl:3.7.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-22T23:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000418", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/Mindwerks/wildmidi/commit/814f31d8eceda8401eb812fc2e94ed143fdad0ab", "name" : "https://github.com/Mindwerks/wildmidi/commit/814f31d8eceda8401eb812fc2e94ed143fdad0ab", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/Mindwerks/wildmidi/commit/814f31d8eceda8401eb812fc2e94ed143fdad0ab", "name" : "https://github.com/Mindwerks/wildmidi/commit/814f31d8eceda8401eb812fc2e94ed143fdad0ab", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/Mindwerks/wildmidi/issues/178", "name" : "https://github.com/Mindwerks/wildmidi/issues/178", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/Mindwerks/wildmidi/issues/178", "name" : "https://github.com/Mindwerks/wildmidi/issues/178", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The WildMidi_Open function in WildMIDI since commit d8a466829c67cacbb1700beded25c448d99514e5 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mindwerks:wildmidi:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.4.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-02T18:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000419", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-918" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.phpbb.com/community/viewtopic.php?f=14&p=14782136", "name" : "https://www.phpbb.com/community/viewtopic.php?f=14&p=14782136", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.phpbb.com/community/viewtopic.php?f=14&p=14782136", "name" : "https://www.phpbb.com/community/viewtopic.php?f=14&p=14782136", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.sec-consult.com/en/blog/advisories/phpbb-server-side-request-forgery-vulnerability/index.html", "name" : "https://www.sec-consult.com/en/blog/advisories/phpbb-server-side-request-forgery-vulnerability/index.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.sec-consult.com/en/blog/advisories/phpbb-server-side-request-forgery-vulnerability/index.html", "name" : "https://www.sec-consult.com/en/blog/advisories/phpbb-server-side-request-forgery-vulnerability/index.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal services via the web application." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpbb:phpbb:3.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-02T19:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000420", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-59" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/syncthing/syncthing/issues/4286", "name" : "https://github.com/syncthing/syncthing/issues/4286", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/syncthing/syncthing/issues/4286", "name" : "https://github.com/syncthing/syncthing/issues/4286", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:syncthing:syncthing:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.14.33", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-02T19:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000421", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/kohler/gifsicle/issues/114", "name" : "https://github.com/kohler/gifsicle/issues/114", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/kohler/gifsicle/issues/114", "name" : "https://github.com/kohler/gifsicle/issues/114", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00006.html", "name" : "[debian-lts-announce] 20180108 [SECURITY] [DLA 1233-1] gifsicle security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00006.html", "name" : "[debian-lts-announce] 20180108 [SECURITY] [DLA 1233-1] gifsicle security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4084", "name" : "DSA-4084", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4084", "name" : "DSA-4084", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in the read_gif function resulting potential code execution" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lcdf:gifsicle:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.89", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-02T19:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000422", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=785973", "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=785973", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Vendor Advisory" ] }, { "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=785973", "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=785973", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Vendor Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00007.html", "name" : "[debian-lts-announce] 20180108 [SECURITY] [DLA 1234-1] gdk-pixbuf security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00007.html", "name" : "[debian-lts-announce] 20180108 [SECURITY] [DLA 1234-1] gdk-pixbuf security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201804-14", "name" : "GLSA-201804-14", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201804-14", "name" : "GLSA-201804-14", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3532-1/", "name" : "USN-3532-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3532-1/", "name" : "USN-3532-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4088", "name" : "DSA-4088", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4088", "name" : "DSA-4088", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdk-pixbuf:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.36.8", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-02T20:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000423", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/b2evolution/b2evolution/commit/0096a3ebc85f6aadbda2c4427cd092a538b161d2", "name" : "https://github.com/b2evolution/b2evolution/commit/0096a3ebc85f6aadbda2c4427cd092a538b161d2", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/b2evolution/b2evolution/commit/0096a3ebc85f6aadbda2c4427cd092a538b161d2", "name" : "https://github.com/b2evolution/b2evolution/commit/0096a3ebc85f6aadbda2c4427cd092a538b161d2", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/b2evolution/b2evolution/commit/b899d654d931f3bf3cfbbdd71e0d1a0f3a16d04c", "name" : "https://github.com/b2evolution/b2evolution/commit/b899d654d931f3bf3cfbbdd71e0d1a0f3a16d04c", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/b2evolution/b2evolution/commit/b899d654d931f3bf3cfbbdd71e0d1a0f3a16d04c", "name" : "https://github.com/b2evolution/b2evolution/commit/b899d654d931f3bf3cfbbdd71e0d1a0f3a16d04c", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation (backslash and single quote escape) in basic install functionality resulting in unauthenticated attacker gaining PHP code execution on the victim's setup." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:b2evolution:b2evolution:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.6.0", "versionEndIncluding" : "6.8.10", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-02T20:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000424", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/electron/electron/pull/10008", "name" : "https://github.com/electron/electron/pull/10008", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/electron/electron/pull/10008", "name" : "https://github.com/electron/electron/pull/10008", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/electron/electron/pull/10008/files", "name" : "https://github.com/electron/electron/pull/10008/files", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/electron/electron/pull/10008/files", "name" : "https://github.com/electron/electron/pull/10008/files", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem when opening PDFs in PDFium resulting loading arbitrary PDFs that a hacker can control." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:atom:electron:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.6.4", "versionEndIncluding" : "1.6.11", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:atom:electron:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.7.0", "versionEndIncluding" : "1.7.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-02T20:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000425", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://dev.liferay.com/web/community-security-team/known-vulnerabilities/-/asset_publisher/4AHAYapUm8Xc/content/cst-7030-multiple-xss-vulnerabilities-in-7-0-ce-ga4", "name" : "https://dev.liferay.com/web/community-security-team/known-vulnerabilities/-/asset_publisher/4AHAYapUm8Xc/content/cst-7030-multiple-xss-vulnerabilities-in-7-0-ce-ga4", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://dev.liferay.com/web/community-security-team/known-vulnerabilities/-/asset_publisher/4AHAYapUm8Xc/content/cst-7030-multiple-xss-vulnerabilities-in-7-0-ce-ga4", "name" : "https://dev.liferay.com/web/community-security-team/known-vulnerabilities/-/asset_publisher/4AHAYapUm8Xc/content/cst-7030-multiple-xss-vulnerabilities-in-7-0-ce-ga4", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://github.com/liferay/liferay-portal/commit/9435af4ef8a90b5333da925a5ec860a43d18c031", "name" : "https://github.com/liferay/liferay-portal/commit/9435af4ef8a90b5333da925a5ec860a43d18c031", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/liferay/liferay-portal/commit/9435af4ef8a90b5333da925a5ec860a43d18c031", "name" : "https://github.com/liferay/liferay-portal/commit/9435af4ef8a90b5333da925a5ec860a43d18c031", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the \"movie\" parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:community:*:*:*", "versionEndExcluding" : "7.0.3_ga4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-02T23:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000426", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/mapproxy/mapproxy/issues/322", "name" : "https://github.com/mapproxy/mapproxy/issues/322", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Mitigation", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/mapproxy/mapproxy/issues/322", "name" : "https://github.com/mapproxy/mapproxy/issues/322", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Mitigation", "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "MapProxy version 1.10.3 and older is vulnerable to a Cross Site Scripting attack in the demo service resulting in possible information disclosure." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:omniscale:mapproxy:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.10.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-02T21:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000427", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO2RMVVZVV6NFTU46B5RYRK7ZCXYARZS/", "name" : "FEDORA-2020-d714c08261", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO2RMVVZVV6NFTU46B5RYRK7ZCXYARZS/", "name" : "FEDORA-2020-d714c08261", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M6BJG6RGDH7ZWVVAUFBFI5L32RSMQN2S/", "name" : "FEDORA-2020-5eca570e16", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M6BJG6RGDH7ZWVVAUFBFI5L32RSMQN2S/", "name" : "FEDORA-2020-5eca570e16", "refsource" : "", "tags" : [ ] }, { "url" : "https://snyk.io/vuln/npm:marked:20170112", "name" : "https://snyk.io/vuln/npm:marked:20170112", "refsource" : "", "tags" : [ "Exploit", "Patch", "Third Party Advisory" ] }, { "url" : "https://snyk.io/vuln/npm:marked:20170112", "name" : "https://snyk.io/vuln/npm:marked:20170112", "refsource" : "", "tags" : [ "Exploit", "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:marked_project:marked:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.3.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-02T23:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000428", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/flatCore/flatCore-CMS/issues/35", "name" : "https://github.com/flatCore/flatCore-CMS/issues/35", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/flatCore/flatCore-CMS/issues/35", "name" : "https://github.com/flatCore/flatCore-CMS/issues/35", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:flatcore:flatcore-cms:1.4.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-10T02:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000429", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lucifaer.com/index.php/archives/35/", "name" : "http://lucifaer.com/index.php/archives/35/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://lucifaer.com/index.php/archives/35/", "name" : "http://lucifaer.com/index.php/archives/35/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file Weixin.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:finecms_project:finecms:5.0.10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-09T21:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000430", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/RustSec/advisory-db/blob/master/crates/base64/RUSTSEC-2017-0004.toml", "name" : "https://github.com/RustSec/advisory-db/blob/master/crates/base64/RUSTSEC-2017-0004.toml", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/RustSec/advisory-db/blob/master/crates/base64/RUSTSEC-2017-0004.toml", "name" : "https://github.com/RustSec/advisory-db/blob/master/crates/base64/RUSTSEC-2017-0004.toml", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "rust-base64 version <= 0.5.1 is vulnerable to a buffer overflow when calculating the size of a buffer to use when encoding base64 using the 'encode_config_buf' and 'encode_config' functions" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rust-base64_project:rust-base64:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.5.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-02T20:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000431", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://share.ez.no/community-project/security-advisories/ezsa-2017-005-xss-issue-in-search", "name" : "http://share.ez.no/community-project/security-advisories/ezsa-2017-005-xss-issue-in-search", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://share.ez.no/community-project/security-advisories/ezsa-2017-005-xss-issue-in-search", "name" : "http://share.ez.no/community-project/security-advisories/ezsa-2017-005-xss-issue-in-search", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. steal authentication credentials." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ez:ez_publish:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.4.0", "versionEndIncluding" : "5.4.9", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ez:ez_publish:*:*:*:*:*:*:*:*", "versionEndIncluding" : "5.3.12", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-02T20:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000432", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://open.vanillaforums.com/discussion/28337/vanilla-2-1-5-released-and-2-0-18-14", "name" : "https://open.vanillaforums.com/discussion/28337/vanilla-2-1-5-released-and-2-0-18-14", "refsource" : "", "tags" : [ "Issue Tracking", "Release Notes" ] }, { "url" : "https://open.vanillaforums.com/discussion/28337/vanilla-2-1-5-released-and-2-0-18-14", "name" : "https://open.vanillaforums.com/discussion/28337/vanilla-2-1-5-released-and-2-0-18-14", "refsource" : "", "tags" : [ "Issue Tracking", "Release Notes" ] }, { "url" : "https://www.exploit-db.com/exploits/43462/", "name" : "43462", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/43462/", "name" : "43462", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vanillaforums:vanilla_forums:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.1.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.0, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.1, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 6.8, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-02T23:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000433", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/rohe/pysaml2/issues/451", "name" : "https://github.com/rohe/pysaml2/issues/451", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/rohe/pysaml2/issues/451", "name" : "https://github.com/rohe/pysaml2/issues/451", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00000.html", "name" : "[debian-lts-announce] 20180701 [SECURITY] [DLA 1410-1] python-pysaml2 security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00000.html", "name" : "[debian-lts-announce] 20180701 [SECURITY] [DLA 1410-1] python-pysaml2 security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2021/02/msg00038.html", "name" : "[debian-lts-announce] 20210226 [SECURITY] [DLA 2577-1] python-pysaml2 security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2021/02/msg00038.html", "name" : "[debian-lts-announce] 20210226 [SECURITY] [DLA 2577-1] python-pysaml2 security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201801-11", "name" : "GLSA-201801-11", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201801-11", "name" : "GLSA-201801-11", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pysaml2_project:pysaml2:*:*:*:*:*:*:*:*", "versionEndIncluding" : "4.4.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-02T23:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000434", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-601" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://cjc.im/advisories/0008/", "name" : "https://cjc.im/advisories/0008/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://cjc.im/advisories/0008/", "name" : "https://cjc.im/advisories/0008/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://wpvulndb.com/vulnerabilities/8992", "name" : "https://wpvulndb.com/vulnerabilities/8992", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://wpvulndb.com/vulnerabilities/8992", "name" : "https://wpvulndb.com/vulnerabilities/8992", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Wordpress plugin Furikake version 0.1.0 is vulnerable to an Open Redirect The furikake-redirect parameter on a page allows for a redirect to an attacker controlled page classes/Furigana.php: header('location:'.urldecode($_GET['furikake-redirect']));" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:furikake_project:furikake:0.1.0:*:*:*:*:wordpress:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-02T23:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000435", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-16227. Reason: This candidate is a reservation duplicate of CVE-2017-16227. Notes: All CVE users should reference CVE-2017-16227 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-12-30T07:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000436", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-14975. Reason: This candidate is a reservation duplicate of CVE-2017-14975. Notes: All CVE users should reference CVE-2017-14975 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-12-30T07:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000437", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/marcobambini/gravity/issues/186", "name" : "https://github.com/marcobambini/gravity/issues/186", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/marcobambini/gravity/issues/186", "name" : "https://github.com/marcobambini/gravity/issues/186", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Creolabs Gravity 1.0 contains a stack based buffer overflow in the operator_string_add function, resulting in remote code execution." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:creolabs:gravity:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-02T23:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000438", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.openmicroscopy.org/security/advisories/2017-SV5-filename-2/", "name" : "https://www.openmicroscopy.org/security/advisories/2017-SV5-filename-2/", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "https://www.openmicroscopy.org/security/advisories/2017-SV5-filename-2/", "name" : "https://www.openmicroscopy.org/security/advisories/2017-SV5-filename-2/", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In OMERO 5.3.3 or earlier a user could create an OriginalFile and adjust its path such that it now points to another user's file on the underlying filesystem, then manipulate the user's data." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openmicroscopy:omero:*:*:*:*:*:*:*:*", "versionEndIncluding" : "5.3.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "LOW", "baseScore" : 8.3, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.5 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-02T23:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000439", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-14601. Reason: This candidate is a reservation duplicate of CVE-2017-14601. Notes: All CVE users should reference CVE-2017-14601 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-01-10T17:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000440", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-14976. Reason: This candidate is a reservation duplicate of CVE-2017-14976. Notes: All CVE users should reference CVE-2017-14976 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-12-30T07:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000441", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-14931. Reason: This candidate is a reservation duplicate of CVE-2017-14931. Notes: All CVE users should reference CVE-2017-14931 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-01-10T17:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000442", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.passbolt.com/incidents/20170914_xss_on_resource_urls", "name" : "https://www.passbolt.com/incidents/20170914_xss_on_resource_urls", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.passbolt.com/incidents/20170914_xss_on_resource_urls", "name" : "https://www.passbolt.com/incidents/20170914_xss_on_resource_urls", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.passbolt.com/release/notes#September", "name" : "https://www.passbolt.com/release/notes#September", "refsource" : "", "tags" : [ "Patch", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.passbolt.com/release/notes#September", "name" : "https://www.passbolt.com/release/notes#September", "refsource" : "", "tags" : [ "Patch", "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Passbolt API version 1.6.4 and older are vulnerable to a XSS in the url field on the password workspace" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:passbolt:passbolt_api:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.6.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-02T14:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000443", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/Eleix/openhacker/commit/9da5c237ba5e2311f01edc83389bc5aaf0a9885c", "name" : "https://github.com/Eleix/openhacker/commit/9da5c237ba5e2311f01edc83389bc5aaf0a9885c", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] }, { "url" : "https://github.com/Eleix/openhacker/commit/9da5c237ba5e2311f01edc83389bc5aaf0a9885c", "name" : "https://github.com/Eleix/openhacker/commit/9da5c237ba5e2311f01edc83389bc5aaf0a9885c", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] }, { "url" : "https://github.com/Eleix/openhacker/issues/5", "name" : "https://github.com/Eleix/openhacker/issues/5", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/Eleix/openhacker/issues/5", "name" : "https://github.com/Eleix/openhacker/issues/5", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Eleix Openhacker version 0.1.47 is vulnerable to a XSS vulnerability in the bank transactions component resulting in arbitrary code execution in the browser." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openhacker_project:openhacker:0.1.47:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-02T14:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000444", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/Eleix/openhacker/commit/9da5c237ba5e2311f01edc83389bc5aaf0a9885c", "name" : "https://github.com/Eleix/openhacker/commit/9da5c237ba5e2311f01edc83389bc5aaf0a9885c", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] }, { "url" : "https://github.com/Eleix/openhacker/commit/9da5c237ba5e2311f01edc83389bc5aaf0a9885c", "name" : "https://github.com/Eleix/openhacker/commit/9da5c237ba5e2311f01edc83389bc5aaf0a9885c", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] }, { "url" : "https://github.com/Eleix/openhacker/issues/4", "name" : "https://github.com/Eleix/openhacker/issues/4", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/Eleix/openhacker/issues/4", "name" : "https://github.com/Eleix/openhacker/issues/4", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Eleix Openhacker version 0.1.47 is vulnerable to an SQL injection in the account registration and login component resulting in information disclosure and remote code execution" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openhacker_project:openhacker:0.1.47:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-02T15:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000445", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102368", "name" : "102368", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102368", "name" : "102368", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/ImageMagick/ImageMagick/issues/775", "name" : "https://github.com/ImageMagick/ImageMagick/issues/775", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/ImageMagick/ImageMagick/issues/775", "name" : "https://github.com/ImageMagick/ImageMagick/issues/775", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00002.html", "name" : "[debian-lts-announce] 20180104 [SECURITY] [DLA 1229-1] imagemagick security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00002.html", "name" : "[debian-lts-announce] 20180104 [SECURITY] [DLA 1229-1] imagemagick security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html", "name" : "[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html", "name" : "[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html", "name" : "[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html", "name" : "[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3681-1/", "name" : "USN-3681-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3681-1/", "name" : "USN-3681-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "versionEndExcluding" : "6.9.9-15", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*", "versionStartIncluding" : "7.0.0-0", "versionEndIncluding" : "7.0.7-1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-02T15:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000446", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-15954. Reason: This candidate is a reservation duplicate of CVE-2017-15954. Notes: All CVE users should reference CVE-2017-15954 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-12-30T07:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000447", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-15955. Reason: This candidate is a reservation duplicate of CVE-2017-15955. Notes: All CVE users should reference CVE-2017-15955 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-12-30T07:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000448", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/structured-data/linter/issues/41", "name" : "https://github.com/structured-data/linter/issues/41", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/structured-data/linter/issues/41", "name" : "https://github.com/structured-data/linter/issues/41", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Structured Data Linter versions 2.4.1 and older are vulnerable to a directory traversal attack in the URL input field resulting in the possibility of disclosing information about the remote host." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:structured-data:structured_data_linter:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.4.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-02T17:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000449", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA due to lack of a reference providing provenance. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-01-02T17:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000450", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/blendin/pocs/blob/master/opencv/0.OOB_Write_FillUniColor", "name" : "https://github.com/blendin/pocs/blob/master/opencv/0.OOB_Write_FillUniColor", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/blendin/pocs/blob/master/opencv/0.OOB_Write_FillUniColor", "name" : "https://github.com/blendin/pocs/blob/master/opencv/0.OOB_Write_FillUniColor", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/opencv/opencv/issues/9723", "name" : "https://github.com/opencv/opencv/issues/9723", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/opencv/opencv/issues/9723", "name" : "https://github.com/opencv/opencv/issues/9723", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00008.html", "name" : "[debian-lts-announce] 20180108 [SECURITY] [DLA 1235-1] opencv security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00008.html", "name" : "[debian-lts-announce] 20180108 [SECURITY] [DLA 1235-1] opencv security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html", "name" : "[debian-lts-announce] 20180722 [SECURITY] [DLA 1438-1] opencv security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html", "name" : "[debian-lts-announce] 20180722 [SECURITY] [DLA 1438-1] opencv security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html", "name" : "[debian-lts-announce] 20211030 [SECURITY] [DLA 2799-1] opencv security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2021/10/msg00028.html", "name" : "[debian-lts-announce] 20211030 [SECURITY] [DLA 2799-1] opencv security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3.3 and earlier." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opencv:opencv:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.3.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-02T17:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000451", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nodesecurity.io/advisories/360", "name" : "https://nodesecurity.io/advisories/360", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://nodesecurity.io/advisories/360", "name" : "https://nodesecurity.io/advisories/360", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on child_process.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fs-git_project:fs-git:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.0.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-02T17:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000452", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-91" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/tngan/samlify/releases/tag/v2.3.0", "name" : "https://github.com/tngan/samlify/releases/tag/v2.3.0", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/tngan/samlify/releases/tag/v2.3.0", "name" : "https://github.com/tngan/samlify/releases/tag/v2.3.0", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Release Notes", "Third Party Advisory" ] }, { "url" : "https://www.whitehats.nl/blog/xml-signature-wrapping-samlify", "name" : "https://www.whitehats.nl/blog/xml-signature-wrapping-samlify", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory" ] }, { "url" : "https://www.whitehats.nl/blog/xml-signature-wrapping-samlify", "name" : "https://www.whitehats.nl/blog/xml-signature-wrapping-samlify", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samlify_project:samlify:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.2.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.6, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 6.8, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-02T17:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000453", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.cmsmadesimple.org/2017/06/Announcing-CMSMS-2-2-1-Hearts-Desire/", "name" : "https://www.cmsmadesimple.org/2017/06/Announcing-CMSMS-2-2-1-Hearts-Desire/", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://www.cmsmadesimple.org/2017/06/Announcing-CMSMS-2-2-1-Hearts-Desire/", "name" : "https://www.cmsmadesimple.org/2017/06/Announcing-CMSMS-2-2-1-Hearts-Desire/", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cmsmadesimple:cms_made_simple:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cmsmadesimple:cms_made_simple:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.2.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-02T17:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000454", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.cmsmadesimple.org/2017/07/Announcing-CMSMS-2.2.2-Hearts-Content", "name" : "https://www.cmsmadesimple.org/2017/07/Announcing-CMSMS-2.2.2-Hearts-Content", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://www.cmsmadesimple.org/2017/07/Announcing-CMSMS-2.2.2-Hearts-Content", "name" : "https://www.cmsmadesimple.org/2017/07/Announcing-CMSMS-2.2.2-Hearts-Content", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cmsmadesimple:cms_made_simple:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cmsmadesimple:cms_made_simple:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.2.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-02T17:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000455", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-346" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.gnu.org/archive/html/guix-devel/2017-10/msg00090.html", "name" : "https://lists.gnu.org/archive/html/guix-devel/2017-10/msg00090.html", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Vendor Advisory" ] }, { "url" : "https://lists.gnu.org/archive/html/guix-devel/2017-10/msg00090.html", "name" : "https://lists.gnu.org/archive/html/guix-devel/2017-10/msg00090.html", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links incorrectly, leading the creation of setuid executables in \"the store\", violating a fundamental security assumption of GNU Guix." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnu:guixsd:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.13.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-02T17:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000456", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugs.freedesktop.org/show_bug.cgi?id=103116", "name" : "https://bugs.freedesktop.org/show_bug.cgi?id=103116", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ] }, { "url" : "https://bugs.freedesktop.org/show_bug.cgi?id=103116", "name" : "https://bugs.freedesktop.org/show_bug.cgi?id=103116", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00001.html", "name" : "[debian-lts-announce] 20180103 [SECURITY] [DLA 1228-1] poppler security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00001.html", "name" : "[debian-lts-announce] 20180103 [SECURITY] [DLA 1228-1] poppler security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4097", "name" : "DSA-4097", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4097", "name" : "DSA-4097", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:freedesktop:poppler:0.60.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-02T18:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000457", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/i7MEDIA/mojoportal/commit/5ea8129f74c80cbf1f68b9083c745cc8a685485d", "name" : "https://github.com/i7MEDIA/mojoportal/commit/5ea8129f74c80cbf1f68b9083c745cc8a685485d", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/i7MEDIA/mojoportal/commit/5ea8129f74c80cbf1f68b9083c745cc8a685485d", "name" : "https://github.com/i7MEDIA/mojoportal/commit/5ea8129f74c80cbf1f68b9083c745cc8a685485d", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://www.mojoportal.com/mojoportal-2-6", "name" : "https://www.mojoportal.com/mojoportal-2-6", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://www.mojoportal.com/mojoportal-2-6", "name" : "https://www.mojoportal.com/mojoportal-2-6", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in Help.aspx in mojoPortal version 2.5.0.0 allows remote attackers to inject arbitrary web script or HTML via the helpkey parameter. Exploitation requires authenticated reflected cross-site scripting for user accounts assigned either the \"Administrators\" or \"Content Administrators\" role." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mojoportal:mojoportal:2.5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-02T18:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000458", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bro-tracker.atlassian.net/browse/BIT-1856", "name" : "https://bro-tracker.atlassian.net/browse/BIT-1856", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bro-tracker.atlassian.net/browse/BIT-1856", "name" : "https://bro-tracker.atlassian.net/browse/BIT-1856", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/bro/bro/commit/6c0f101a62489b1c5927b4ed63b0e1d37db40282", "name" : "https://github.com/bro/bro/commit/6c0f101a62489b1c5927b4ed63b0e1d37db40282", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/bro/bro/commit/6c0f101a62489b1c5927b4ed63b0e1d37db40282", "name" : "https://github.com/bro/bro/commit/6c0f101a62489b1c5927b4ed63b0e1d37db40282", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Bro before Bro v2.5.2 is vulnerable to an out of bounds write in the ContentLine analyzer allowing remote attackers to cause a denial of service (crash) and possibly other exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bro:bro:2.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-02T18:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000459", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/leanote/leanote/issues/676", "name" : "https://github.com/leanote/leanote/issues/676", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/leanote/leanote/issues/676", "name" : "https://github.com/leanote/leanote/issues/676", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Leanote version <= 2.5 is vulnerable to XSS due to not sanitized input in markdown notes" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:leanote:leanote:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-03T00:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000460", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.libav.org/show_bug.cgi?id=952", "name" : "https://bugzilla.libav.org/show_bug.cgi?id=952", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.libav.org/show_bug.cgi?id=952", "name" : "https://bugzilla.libav.org/show_bug.cgi?id=952", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/8e313ca08800178efce00045e07dc494d437b70c", "name" : "https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/8e313ca08800178efce00045e07dc494d437b70c", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] }, { "url" : "https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/8e313ca08800178efce00045e07dc494d437b70c", "name" : "https://chromium.googlesource.com/chromium/third_party/ffmpeg/+/8e313ca08800178efce00045e07dc494d437b70c", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2019/03/msg00041.html", "name" : "[debian-lts-announce] 20190330 [SECURITY] [DLA 1740-1] libav security update", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2019/03/msg00041.html", "name" : "[debian-lts-announce] 20190330 [SECURITY] [DLA 1740-1] libav security update", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.ffmpeg.org/pipermail/ffmpeg-cvslog/2017-January/104221.html", "name" : "https://lists.ffmpeg.org/pipermail/ffmpeg-cvslog/2017-January/104221.html", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] }, { "url" : "https://lists.ffmpeg.org/pipermail/ffmpeg-cvslog/2017-January/104221.html", "name" : "https://lists.ffmpeg.org/pipermail/ffmpeg-cvslog/2017-January/104221.html", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:libav:libav:13_dev0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ffmpeg:ffmpeg:3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "versionEndIncluding" : "56.0.2924", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-03T20:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000461", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-732" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/brave/browser-laptop/issues/11683#issuecomment-339835601", "name" : "https://github.com/brave/browser-laptop/issues/11683#issuecomment-339835601", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/brave/browser-laptop/issues/11683#issuecomment-339835601", "name" : "https://github.com/brave/browser-laptop/issues/11683#issuecomment-339835601", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Brave Software's Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access control issue in the \"JS fingerprinting blocking\" component, resulting in a malicious website being able to access the fingerprinting-associated browser functionality (that the browser intends to block)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:brave:browser:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.19.73", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.7, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-03T20:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000462", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/BookStackApp/BookStack/issues/575", "name" : "https://github.com/BookStackApp/BookStack/issues/575", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/BookStackApp/BookStack/issues/575", "name" : "https://github.com/BookStackApp/BookStack/issues/575", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "BookStack version 0.18.4 is vulnerable to stored cross-site scripting, within the page creation page, which can result in disruption of service and execution of javascript code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bookstackapp:bookstack:0.18.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-03T20:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000463", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/Leafpub/leafpub/issues/125", "name" : "https://github.com/Leafpub/leafpub/issues/125", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/Leafpub/leafpub/issues/125", "name" : "https://github.com/Leafpub/leafpub/issues/125", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Leafpub version 1.2.0-beta6 is vulnerable to stored cross-site scripting vulnerability, within the edit blog post page, which can result in disruption of service and execution of javascript code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:leafpub:leafpub:1.2.0:beta6:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-03T00:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000464", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-01-25T14:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000465", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/sulu/sulu-standard/issues/835", "name" : "https://github.com/sulu/sulu-standard/issues/835", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/sulu/sulu-standard/issues/835", "name" : "https://github.com/sulu/sulu-standard/issues/835", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Sulu-standard version 1.6.6 is vulnerable to stored cross-site scripting vulnerability, within the page creation page, which can result in disruption of service and execution of javascript code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sulu:sulu-standard:1.6.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-09T22:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000466", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/invoiceninja/invoiceninja/issues/1727", "name" : "https://github.com/invoiceninja/invoiceninja/issues/1727", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/invoiceninja/invoiceninja/issues/1727", "name" : "https://github.com/invoiceninja/invoiceninja/issues/1727", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Invoice Ninja version 3.8.1 is vulnerable to stored cross-site scripting vulnerability, within the invoice creation page, which can result in disruption of service and execution of javascript code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:invoiceninja:invoice_ninja:3.8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-03T01:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000467", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/LavaLite/cms/issues/209", "name" : "https://github.com/LavaLite/cms/issues/209", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/LavaLite/cms/issues/209", "name" : "https://github.com/LavaLite/cms/issues/209", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "LavaLite version 5.2.4 is vulnerable to stored cross-site scripting vulnerability, within the blog creation page, which can result in disruption of service and execution of javascript code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:lavalite:lavalite:5.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-03T15:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000468", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-01-25T14:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000469", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/cobbler/cobbler/issues/1845", "name" : "https://github.com/cobbler/cobbler/issues/1845", "refsource" : "", "tags" : [ "Exploit", "Mitigation", "Third Party Advisory" ] }, { "url" : "https://github.com/cobbler/cobbler/issues/1845", "name" : "https://github.com/cobbler/cobbler/issues/1845", "refsource" : "", "tags" : [ "Exploit", "Mitigation", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the \"add repo\" component resulting in arbitrary code execution as root user." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cobbler_project:cobbler:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.8.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-03T20:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000470", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/embedthis/goahead/commit/adeb4abc6c998c19524e09fde20c02b4a26765a3", "name" : "https://github.com/embedthis/goahead/commit/adeb4abc6c998c19524e09fde20c02b4a26765a3", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/embedthis/goahead/commit/adeb4abc6c998c19524e09fde20c02b4a26765a3", "name" : "https://github.com/embedthis/goahead/commit/adeb4abc6c998c19524e09fde20c02b4a26765a3", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/embedthis/goahead/pull/258", "name" : "https://github.com/embedthis/goahead/pull/258", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/embedthis/goahead/pull/258", "name" : "https://github.com/embedthis/goahead/pull/258", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "EmbedThis GoAhead Webserver versions 4.0.0 and earlier is vulnerable to an integer overflow in the HTTP listener resulting in denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:embedthis:goahead_web_server:4.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-03T20:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000471", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/embedthis/goahead/commit/5e6be61e42448f503e75e287dc332b1ecbf2a665#diff-7c9c60c790648b06210f57b9e2f53ca7", "name" : "https://github.com/embedthis/goahead/commit/5e6be61e42448f503e75e287dc332b1ecbf2a665#diff-7c9c60c790648b06210f57b9e2f53ca7", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/embedthis/goahead/commit/5e6be61e42448f503e75e287dc332b1ecbf2a665#diff-7c9c60c790648b06210f57b9e2f53ca7", "name" : "https://github.com/embedthis/goahead/commit/5e6be61e42448f503e75e287dc332b1ecbf2a665#diff-7c9c60c790648b06210f57b9e2f53ca7", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/embedthis/goahead/pull/258", "name" : "https://github.com/embedthis/goahead/pull/258", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/embedthis/goahead/pull/258", "name" : "https://github.com/embedthis/goahead/pull/258", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:embedthis:goahead:4.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-03T20:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000472", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/pocoproject/poco/issues/1968", "name" : "https://github.com/pocoproject/poco/issues/1968", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch" ] }, { "url" : "https://github.com/pocoproject/poco/issues/1968", "name" : "https://github.com/pocoproject/poco/issues/1968", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00013.html", "name" : "[debian-lts-announce] 20180110 [SECURITY] [DLA 1239-1] poco security update", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00013.html", "name" : "[debian-lts-announce] 20180110 [SECURITY] [DLA 1239-1] poco security update", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.debian.org/security/2018/dsa-4083", "name" : "DSA-4083", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4083", "name" : "DSA-4083", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression, and possibly create or overwrite arbitrary files, via a crafted ZIP file, related to a \"file path injection vulnerability\"." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pocoproject:poco:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.8", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-03T20:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000473", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/afaqurk/linux-dash/issues/447", "name" : "https://github.com/afaqurk/linux-dash/issues/447", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/afaqurk/linux-dash/issues/447", "name" : "https://github.com/afaqurk/linux-dash/issues/447", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Linux Dash up to version v2 is vulnerable to multiple command injection vulnerabilities in the way module names are parsed and then executed resulting in code execution on the server, potentially as root." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:linux-dash_project:linux-dash:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-03T20:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000474", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://singsip.wixsite.com/singsip/vuln", "name" : "http://singsip.wixsite.com/singsip/vuln", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://singsip.wixsite.com/singsip/vuln", "name" : "http://singsip.wixsite.com/singsip/vuln", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/44318/", "name" : "44318", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.exploit-db.com/exploits/44318/", "name" : "44318", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Soyket Chowdhury Vehicle Sales Management System version 2017-07-30 is vulnerable to multiple SQL Injecting in login/vehicle.php, login/profile.php, login/Actions.php, login/manage_employee.php, and login/sell.php scripts resulting in the expose of user's login credentials, SQL Injection and Stored XSS vulnerability, which leads to remote code executing." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:vehicle_sales_management_system_project:vehicle_sales_management_system:2017-07-30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-24T22:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000475", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-428" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/lajarajorge/CVE-2017-1000475/blob/master/README.md", "name" : "https://github.com/lajarajorge/CVE-2017-1000475/blob/master/README.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/lajarajorge/CVE-2017-1000475/blob/master/README.md", "name" : "https://github.com/lajarajorge/CVE-2017-1000475/blob/master/README.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/48044", "name" : "Explooit Database", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.exploit-db.com/exploits/48044", "name" : "Explooit Database", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service allowing local users to launch processes with elevated privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:freesshd:freesshd:1.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-24T14:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000476", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102428", "name" : "102428", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102428", "name" : "102428", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/ImageMagick/ImageMagick/issues/867", "name" : "https://github.com/ImageMagick/ImageMagick/issues/867", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/ImageMagick/ImageMagick/issues/867", "name" : "https://github.com/ImageMagick/ImageMagick/issues/867", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00002.html", "name" : "[debian-lts-announce] 20180104 [SECURITY] [DLA 1229-1] imagemagick security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00002.html", "name" : "[debian-lts-announce] 20180104 [SECURITY] [DLA 1229-1] imagemagick security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html", "name" : "[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2019/05/msg00015.html", "name" : "[debian-lts-announce] 20190514 [SECURITY] [DLA 1785-1] imagemagick security update", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html", "name" : "[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html", "name" : "[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3681-1/", "name" : "USN-3681-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3681-1/", "name" : "USN-3681-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:imagemagick:imagemagick:7.0.7-12:q16:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.1 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 6.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-03T18:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000477", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-611" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/pravednik/xmlBundle", "name" : "https://github.com/pravednik/xmlBundle", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://github.com/pravednik/xmlBundle", "name" : "https://github.com/pravednik/xmlBundle", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://github.com/pravednik/xmlBundle/issues/2", "name" : "https://github.com/pravednik/xmlBundle/issues/2", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/pravednik/xmlBundle/issues/2", "name" : "https://github.com/pravednik/xmlBundle/issues/2", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result in denial of service attacks." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:xmlbundle_project:xmlbundle:0.1.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-03T18:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000478", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/elabftw/elabftw/issues/531", "name" : "https://github.com/elabftw/elabftw/issues/531", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/elabftw/elabftw/issues/531", "name" : "https://github.com/elabftw/elabftw/issues/531", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in the experiment infos component resulting in arbitrary execution of JavaScript and denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:elabftw:elabftw:1.7.8:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-03T18:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000479", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2017/11/22/7", "name" : "[oss-security] 20171122 Clickjacking vulnerability in CSRF error page pfSense", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2017/11/22/7", "name" : "[oss-security] 20171122 Clickjacking vulnerability in CSRF error page pfSense", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "https://doc.pfsense.org/index.php/2.4.2_New_Features_and_Changes", "name" : "https://doc.pfsense.org/index.php/2.4.2_New_Features_and_Changes", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://doc.pfsense.org/index.php/2.4.2_New_Features_and_Changes", "name" : "https://doc.pfsense.org/index.php/2.4.2_New_Features_and_Changes", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://github.com/opnsense/core/commit/d218b225", "name" : "https://github.com/opnsense/core/commit/d218b225", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/opnsense/core/commit/d218b225", "name" : "https://github.com/opnsense/core/commit/d218b225", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/pfsense/pfsense/commit/386d89b07", "name" : "https://github.com/pfsense/pfsense/commit/386d89b07", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/pfsense/pfsense/commit/386d89b07", "name" : "https://github.com/pfsense/pfsense/commit/386d89b07", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://www.netgate.com/blog/pfsense-2-4-2-release-p1-and-2-3-5-release-p1-now-available.html", "name" : "https://www.netgate.com/blog/pfsense-2-4-2-release-p1-and-2-3-5-release-p1-now-available.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.netgate.com/blog/pfsense-2-4-2-release-p1-and-2-3-5-release-p1-now-available.html", "name" : "https://www.netgate.com/blog/pfsense-2-4-2-release-p1-and-2-3-5-release-p1-now-available.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.securify.nl/en/advisory/SFY20171101/clickjacking-vulnerability-in-csrf-error-page-pfsense.html", "name" : "https://www.securify.nl/en/advisory/SFY20171101/clickjacking-vulnerability-in-csrf-error-page-pfsense.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.securify.nl/en/advisory/SFY20171101/clickjacking-vulnerability-in-csrf-error-page-pfsense.html", "name" : "https://www.securify.nl/en/advisory/SFY20171101/clickjacking-vulnerability-in-csrf-error-page-pfsense.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE. OPNsense, a 2015 fork of pfSense, was not vulnerable since version 16.1.16 released on June 06, 2016. The unprotected web form was removed from the code during an internal security audit under \"possibly insecure\" suspicions." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opnsense_project:opnsense:*:*:*:*:*:*:*:*", "versionEndExcluding" : "16.1.16", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netgate:pfsense:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.4.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-03T18:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000480", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/smarty-php/smarty/blob/master/change_log.txt", "name" : "https://github.com/smarty-php/smarty/blob/master/change_log.txt", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/smarty-php/smarty/blob/master/change_log.txt", "name" : "https://github.com/smarty-php/smarty/blob/master/change_log.txt", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00023.html", "name" : "[debian-lts-announce] 20180119 [SECURITY] [DLA 1249-1] smarty3 security update", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00023.html", "name" : "[debian-lts-announce] 20180119 [SECURITY] [DLA 1249-1] smarty3 security update", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/02/msg00000.html", "name" : "[debian-lts-announce] 20180201 [SECURITY] [DLA 1249-2] smarty3 regression update", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/02/msg00000.html", "name" : "[debian-lts-announce] 20180201 [SECURITY] [DLA 1249-2] smarty3 regression update", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.debian.org/security/2018/dsa-4094", "name" : "DSA-4094", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.debian.org/security/2018/dsa-4094", "name" : "DSA-4094", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:smarty:smarty:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.0.0", "versionEndExcluding" : "3.1.32", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-03T18:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000481", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-601" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plone.org/security/hotfix/20171128/open-redirection-on-login-form", "name" : "https://plone.org/security/hotfix/20171128/open-redirection-on-login-form", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://plone.org/security/hotfix/20171128/open-redirection-on-login-form", "name" : "https://plone.org/security/hotfix/20171128/open-redirection-on-login-form", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "When you visit a page where you need to login, Plone 2.5-5.1rc1 sends you to the login form with a 'came_from' parameter set to the previous url. After you login, you get redirected to the page you tried to view before. An attacker might try to abuse this by letting you click on a specially crafted link. You would login, and get redirected to the site of the attacker, letting you think that you are still on the original Plone site. Or some javascript of the attacker could be executed. Most of these types of attacks are already blocked by Plone, using the `isURLInPortal` check to make sure we only redirect to a page on the same Plone site. But a few more ways of tricking Plone into accepting a malicious link were discovered, and fixed with this hotfix." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0:rc2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.1:a1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.1:a2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.0.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0:rc3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.1:rc1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.1:b4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.1:b3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.1:b2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-03T18:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000482", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plone.org/security/hotfix/20171128/xss-using-the-home_page-member-property", "name" : "https://plone.org/security/hotfix/20171128/xss-using-the-home_page-member-property", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://plone.org/security/hotfix/20171128/xss-using-the-home_page-member-property", "name" : "https://plone.org/security/hotfix/20171128/xss-using-the-home_page-member-property", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile, and have this executed when a visitor click the home page link on the author page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.1:a1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.1:a2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.1:rc1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.1:b4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.1:b3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.1:b2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:*:*:*:*:*:*:*:*", "versionEndIncluding" : "5.0.9", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-03T18:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000483", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plone.org/security/hotfix/20171128/sandbox-escape", "name" : "https://plone.org/security/hotfix/20171128/sandbox-escape", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://plone.org/security/hotfix/20171128/sandbox-escape", "name" : "https://plone.org/security/hotfix/20171128/sandbox-escape", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. This improves an earlier hotfix. Since the format method was introduced in Python 2.6, this part of the hotfix is only relevant for Plone 4 and 5." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0:rc2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.1:a1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.1:a2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.0.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0:rc3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.1:rc1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.1:b4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.1:b3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.1:b2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-03T18:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000484", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-601" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url", "name" : "https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url", "name" : "https://plone.org/security/hotfix/20171128/an-open-redirection-when-calling-a-specific-url", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. But in combination with another attack, you could be sent to the Plone login form and login, then get redirected to the specific url, and then get a second redirect to the attacker website. (The specific url can be seen by inspecting the hotfix code, but we don't want to make it too easy for attackers by spelling it out here.)" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0:rc2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:3.3.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.0.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:3.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.2.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.1:a1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.1:a2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:3.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.0.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0:rc1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:3.3.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:3.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.9:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0:rc3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:2.5.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.14:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.1:rc1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.1:b4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.1:b3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.1:b2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:4.3.15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:plone:plone:5.0.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-03T20:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000485", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-732" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/nylas-mail-lives/nylas-mail/issues/181", "name" : "https://github.com/nylas-mail-lives/nylas-mail/issues/181", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/nylas-mail-lives/nylas-mail/issues/181", "name" : "https://github.com/nylas-mail-lives/nylas-mail/issues/181", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Nylas Mail Lives 2.2.2 uses 0755 permissions for $HOME/.nylas-mail, which allows local users to obtain sensitive authentication information via standard filesystem operations." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nylas_mail_lives_project:nylas_mail:2.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-03T20:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000486", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-326" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html", "name" : "http://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html", "name" : "http://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://cryptosense.com/weak-encryption-flaw-in-primefaces/", "name" : "https://cryptosense.com/weak-encryption-flaw-in-primefaces/", "refsource" : "", "tags" : [ "Third Party Advisory", "Broken Link" ] }, { "url" : "https://cryptosense.com/weak-encryption-flaw-in-primefaces/", "name" : "https://cryptosense.com/weak-encryption-flaw-in-primefaces/", "refsource" : "", "tags" : [ "Third Party Advisory", "Broken Link" ] }, { "url" : "https://github.com/primefaces/primefaces/issues/1152", "name" : "https://github.com/primefaces/primefaces/issues/1152", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/primefaces/primefaces/issues/1152", "name" : "https://github.com/primefaces/primefaces/issues/1152", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/43733/", "name" : "43733", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/43733/", "name" : "43733", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:primetek:primefaces:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.3", "versionEndExcluding" : "5.3.8", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:primetek:primefaces:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0", "versionEndIncluding" : "4.0.24", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:primetek:primefaces:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.0", "versionEndExcluding" : "5.2.21", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-03T20:29Z", "lastModifiedDate" : "2025-03-14T20:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000487", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2018:1322", "name" : "RHSA-2018:1322", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:1322", "name" : "RHSA-2018:1322", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41", "name" : "https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41", "name" : "https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E", "name" : "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E", "name" : "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r2e94f72f53df432302d359fd66cfa9e9efb8d42633d54579a4377e62%40%3Cdev.avro.apache.org%3E", "name" : "[avro-dev] 20200619 [jira] [Created] (AVRO-2865) Security vulnerability caused by plexus-utils:1.5.6", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r2e94f72f53df432302d359fd66cfa9e9efb8d42633d54579a4377e62%40%3Cdev.avro.apache.org%3E", "name" : "[avro-dev] 20200619 [jira] [Created] (AVRO-2865) Security vulnerability caused by plexus-utils:1.5.6", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r9584c4304c888f651d214341a939bd264ed30c9e3d0d30fe85097ecf%40%3Ccommits.pulsar.apache.org%3E", "name" : "[pulsar-commits] 20210127 [GitHub] [pulsar] GLouMcK opened a new issue #9347: Security Vulnerabilities - Black Duck Scan", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/r9584c4304c888f651d214341a939bd264ed30c9e3d0d30fe85097ecf%40%3Ccommits.pulsar.apache.org%3E", "name" : "[pulsar-commits] 20210127 [GitHub] [pulsar] GLouMcK opened a new issue #9347: Security Vulnerabilities - Black Duck Scan", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E", "name" : "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E", "name" : "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00010.html", "name" : "[debian-lts-announce] 20180109 [SECURITY] [DLA 1236-1] plexus-utils security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00010.html", "name" : "[debian-lts-announce] 20180109 [SECURITY] [DLA 1236-1] plexus-utils security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00011.html", "name" : "[debian-lts-announce] 20180109 [SECURITY] [DLA 1237-1] plexus-utils2 security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00011.html", "name" : "[debian-lts-announce] 20180109 [SECURITY] [DLA 1237-1] plexus-utils2 security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31522", "name" : "https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31522", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31522", "name" : "https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31522", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4146", "name" : "DSA-4146", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4146", "name" : "DSA-4146", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4149", "name" : "DSA-4149", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4149", "name" : "DSA-4149", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:codehaus-plexus:plexus-utils:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.0.16", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-03T20:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000488", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/mautic/mautic/releases/tag/2.12.0", "name" : "https://github.com/mautic/mautic/releases/tag/2.12.0", "refsource" : "", "tags" : [ "Exploit", "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/mautic/mautic/releases/tag/2.12.0", "name" : "https://github.com/mautic/mautic/releases/tag/2.12.0", "refsource" : "", "tags" : [ "Exploit", "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mautic:mautic:2.11.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mautic:mautic:2.10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mautic:mautic:2.9.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mautic:mautic:2.9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.8.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.9.0:beta:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.9.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.10.0:beta:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.10.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.11.0:beta:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-03T16:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000489", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/mautic/mautic/releases/tag/2.12.0", "name" : "https://github.com/mautic/mautic/releases/tag/2.12.0", "refsource" : "", "tags" : [ "Issue Tracking", "Mitigation", "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/mautic/mautic/releases/tag/2.12.0", "name" : "https://github.com/mautic/mautic/releases/tag/2.12.0", "refsource" : "", "tags" : [ "Issue Tracking", "Mitigation", "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed could allow a disabled user to still login using email address" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mautic:mautic:2.11.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mautic:mautic:2.10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mautic:mautic:2.9.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mautic:mautic:2.9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.8.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.9.0:beta:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.9.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.10.0:beta:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.10.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.11.0:beta:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-03T17:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000490", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/mautic/mautic/releases/tag/2.12.0", "name" : "https://github.com/mautic/mautic/releases/tag/2.12.0", "refsource" : "", "tags" : [ "Exploit", "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/mautic/mautic/releases/tag/2.12.0", "name" : "https://github.com/mautic/mautic/releases/tag/2.12.0", "refsource" : "", "tags" : [ "Exploit", "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mautic:mautic:2.11.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mautic:mautic:2.10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mautic:mautic:2.9.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mautic:mautic:2.9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mautic:mautic:1.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mautic:mautic:1.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:1.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:1.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:1.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:1.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:1.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:1.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:1.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:1.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:1.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:1.2.0:beta1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:1.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:1.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:1.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:1.2.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:1.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:1.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:1.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:1.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.8.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.9.0:beta:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.9.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.10.0:beta:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.10.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:acquia:mautic:2.11.0:beta:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-03T17:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000491", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/rhysd/Shiba/commit/e8a65b0f81eb04903eedd29500d7e1bedf249eab", "name" : "https://github.com/rhysd/Shiba/commit/e8a65b0f81eb04903eedd29500d7e1bedf249eab", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/rhysd/Shiba/commit/e8a65b0f81eb04903eedd29500d7e1bedf249eab", "name" : "https://github.com/rhysd/Shiba/commit/e8a65b0f81eb04903eedd29500d7e1bedf249eab", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/rhysd/Shiba/issues/42", "name" : "https://github.com/rhysd/Shiba/issues/42", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/rhysd/Shiba/issues/42", "name" : "https://github.com/rhysd/Shiba/issues/42", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:shiba_project:shiba:1.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-03T01:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000492", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/leanote/desktop-app/commit/a2ed226637f8e66c9b089784b5e58eccf2e2fb30", "name" : "https://github.com/leanote/desktop-app/commit/a2ed226637f8e66c9b089784b5e58eccf2e2fb30", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/leanote/desktop-app/commit/a2ed226637f8e66c9b089784b5e58eccf2e2fb30", "name" : "https://github.com/leanote/desktop-app/commit/a2ed226637f8e66c9b089784b5e58eccf2e2fb30", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/leanote/leanote/issues/695", "name" : "https://github.com/leanote/leanote/issues/695", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/leanote/leanote/issues/695", "name" : "https://github.com/leanote/leanote/issues/695", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:leanote:desktop:2.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-03T01:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000493", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://blog.sbarbeau.fr/2018/03/nosql-injection-leading-to.html", "name" : "http://blog.sbarbeau.fr/2018/03/nosql-injection-leading-to.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://blog.sbarbeau.fr/2018/03/nosql-injection-leading-to.html", "name" : "http://blog.sbarbeau.fr/2018/03/nosql-injection-leading-to.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/RocketChat/Rocket.Chat/pull/8408", "name" : "https://github.com/RocketChat/Rocket.Chat/pull/8408", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/RocketChat/Rocket.Chat/pull/8408", "name" : "https://github.com/RocketChat/Rocket.Chat/pull/8408", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrator account takeover" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.59", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-03T01:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000494", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7168a", "name" : "https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7168a", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7168a", "name" : "https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7168a", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/miniupnp/miniupnp/issues/268", "name" : "https://github.com/miniupnp/miniupnp/issues/268", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/miniupnp/miniupnp/issues/268", "name" : "https://github.com/miniupnp/miniupnp/issues/268", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2019/05/msg00045.html", "name" : "[debian-lts-announce] 20190530 [SECURITY] [DLA 1811-1] miniupnpd security update", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2019/05/msg00045.html", "name" : "[debian-lts-announce] 20190530 [SECURITY] [DLA 1811-1] miniupnpd security update", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3562-1/", "name" : "USN-3562-1", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3562-1/", "name" : "USN-3562-1", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Uninitialized stack variable vulnerability in NameValueParserEndElt (upnpreplyparse.c) in miniupnpd < 2.0 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:miniupnp_project:miniupnpd:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-03T14:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000495", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/quickapps/cms/issues/183", "name" : "https://github.com/quickapps/cms/issues/183", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/quickapps/cms/issues/183", "name" : "https://github.com/quickapps/cms/issues/183", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "QuickApps CMS version 2.0.0 is vulnerable to Stored Cross-site Scripting in the user's real name field resulting in denial of service and performing unauthorised actions with an administrator user's account" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:quickappscms:quickapps_cms:2.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-03T14:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000496", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-611" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/commsy/commsy/issues/2", "name" : "https://github.com/commsy/commsy/issues/2", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/commsy/commsy/issues/2", "name" : "https://github.com/commsy/commsy/issues/2", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration import functionality resulting in denial of service and possibly remote execution of code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:commsy:commsy:9.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-03T14:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000497", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-611" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/sbrl/Pepperminty-Wiki/issues/152", "name" : "https://github.com/sbrl/Pepperminty-Wiki/issues/152", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/sbrl/Pepperminty-Wiki/issues/152", "name" : "https://github.com/sbrl/Pepperminty-Wiki/issues/152", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the getsvgsize function resulting in denial of service and possibly remote code execution" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pepperminty-wiki_project:pepperminty-wiki:0.15:-:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-03T14:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000498", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-611" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/BigBadaboom/androidsvg/issues/122", "name" : "https://github.com/BigBadaboom/androidsvg/issues/122", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/BigBadaboom/androidsvg/issues/122", "name" : "https://github.com/BigBadaboom/androidsvg/issues/122", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component resulting in denial of service and possibly remote code execution" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:androidsvg_project:androidsvg:1.2.2:-:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-03T14:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000499", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click/", "name" : "http://cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click/", "refsource" : "", "tags" : [ "Exploit", "Patch", "Third Party Advisory" ] }, { "url" : "http://cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click/", "name" : "http://cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click/", "refsource" : "", "tags" : [ "Exploit", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.securitytracker.com/id/1040163", "name" : "1040163", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040163", "name" : "1040163", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/45284/", "name" : "45284", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/45284/", "name" : "45284", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.phpmyadmin.net/security/PMASA-2017-9/", "name" : "https://www.phpmyadmin.net/security/PMASA-2017-9/", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://www.phpmyadmin.net/security/PMASA-2017-9/", "name" : "https://www.phpmyadmin.net/security/PMASA-2017-9/", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.7.0", "versionEndExcluding" : "4.7.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-03T14:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000500", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-12161. Reason: This candidate is a reservation duplicate of CVE-2017-12161. Notes: All CVE users should reference CVE-2017-12161 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-01-03T15:29Z", "lastModifiedDate" : "2023-11-07T02:37Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000501", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.awstats.org/", "name" : "http://www.awstats.org/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.awstats.org/", "name" : "http://www.awstats.org/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651", "name" : "https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651", "name" : "https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899", "name" : "https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899", "name" : "https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00012.html", "name" : "[debian-lts-announce] 20180110 [SECURITY] [DLA 1238-1] awstats security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00012.html", "name" : "[debian-lts-announce] 20180110 [SECURITY] [DLA 1238-1] awstats security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/202007-37", "name" : "GLSA-202007-37", "refsource" : "", "tags" : [ ] }, { "url" : "https://security.gentoo.org/glsa/202007-37", "name" : "GLSA-202007-37", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.debian.org/security/2018/dsa-4092", "name" : "DSA-4092", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4092", "name" : "DSA-4092", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the \"config\" and \"migrate\" parameters resulting in unauthenticated remote code execution." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:*", "versionEndIncluding" : "7.6.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-03T15:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000502", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jenkins.io/security/advisory/2017-12-06/", "name" : "https://jenkins.io/security/advisory/2017-12-06/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://jenkins.io/security/advisory/2017-12-06/", "name" : "https://jenkins.io/security/advisory/2017-12-06/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Users with permission to create or configure agents in Jenkins 1.37 and earlier could configure an EC2 agent to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of these agents now requires the 'Run Scripts' permission typically only granted to administrators." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:ec2:*:*:*:*:*:jenkins:*:*", "versionEndIncluding" : "1.37", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-24T23:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000503", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-362" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jenkins.io/security/advisory/2017-12-14/", "name" : "https://jenkins.io/security/advisory/2017-12-14/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://jenkins.io/security/advisory/2017-12-14/", "name" : "https://jenkins.io/security/advisory/2017-12-14/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A race condition during Jenkins 2.81 through 2.94 (inclusive); 2.89.1 startup could result in the wrong order of execution of commands during initialization. This could in rare cases result in failure to initialize the setup wizard on the first startup. This resulted in multiple security-related settings not being set to their usual strict default." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:jenkins:2.89.1:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.81", "versionEndIncluding" : "2.94", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-24T23:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000504", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jenkins.io/security/advisory/2017-12-14/", "name" : "https://jenkins.io/security/advisory/2017-12-14/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://jenkins.io/security/advisory/2017-12-14/", "name" : "https://jenkins.io/security/advisory/2017-12-14/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A race condition during Jenkins 2.94 and earlier; 2.89.1 and earlier startup could result in the wrong order of execution of commands during initialization. There is a very short window of time after startup during which Jenkins may no longer show the 'Please wait while Jenkins is getting ready to work' message but Cross-Site Request Forgery (CSRF) protection may not yet be effective." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*", "versionEndIncluding" : "2.89.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:jenkins:*:*:*:*:-:*:*:*", "versionEndIncluding" : "2.94", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-24T23:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000505", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jenkins.io/security/advisory/2017-12-11/", "name" : "https://jenkins.io/security/advisory/2017-12-11/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://jenkins.io/security/advisory/2017-12-11/", "name" : "https://jenkins.io/security/advisory/2017-12-11/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new `File` objects from strings. This allowed reading arbitrary files on the Jenkins master file system. Such a type coercion is now subject to sandbox protection and considered to be a call to the `new File(String)` constructor for the purpose of in-process script approval." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jenkins:script_security:*:*:*:*:*:jenkins:*:*", "versionEndIncluding" : "1.36", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-25T18:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000506", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/mautic/mautic/issues/5222", "name" : "https://github.com/mautic/mautic/issues/5222", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/mautic/mautic/issues/5222", "name" : "https://github.com/mautic/mautic/issues/5222", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Mautic version 2.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Company's name that can result in denial of service and execution of javascript code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mautic:mautic:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.11.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-09T23:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000507", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/cnvs/canvas/issues/359", "name" : "https://github.com/cnvs/canvas/issues/359", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/cnvs/canvas/issues/359", "name" : "https://github.com/cnvs/canvas/issues/359", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Canvs Canvas version 3.4.2 contains a Cross Site Scripting (XSS) vulnerability in User's details that can result in denial of service and execution of javascript code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cnvs:canvas:3.4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-09T23:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000508", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/InvoicePlane/InvoicePlane/pull/557", "name" : "https://github.com/InvoicePlane/InvoicePlane/pull/557", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://github.com/InvoicePlane/InvoicePlane/pull/557", "name" : "https://github.com/InvoicePlane/InvoicePlane/pull/557", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://github.com/InvoicePlane/InvoicePlane/pull/557/commits/3fc256ccef403f5be9982f02ef340d9e01daabb2", "name" : "https://github.com/InvoicePlane/InvoicePlane/pull/557/commits/3fc256ccef403f5be9982f02ef340d9e01daabb2", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/InvoicePlane/InvoicePlane/pull/557/commits/3fc256ccef403f5be9982f02ef340d9e01daabb2", "name" : "https://github.com/InvoicePlane/InvoicePlane/pull/557/commits/3fc256ccef403f5be9982f02ef340d9e01daabb2", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Invoice Plane version 1.5.4 and earlier contains a Cross Site Scripting (XSS) vulnerability in Client's details that can result in execution of javascript code . This vulnerability appears to have been fixed in 1.5.5 and later." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:invoiceplane:invoiceplane:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.5.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-09T23:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000509", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/Dolibarr/dolibarr/issues/7727", "name" : "https://github.com/Dolibarr/dolibarr/issues/7727", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/Dolibarr/dolibarr/issues/7727", "name" : "https://github.com/Dolibarr/dolibarr/issues/7727", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of javascript code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dolibarr:dolibarr_erp\\/crm:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-09T23:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000510", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/croogo/croogo/issues/847", "name" : "https://github.com/croogo/croogo/issues/847", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/croogo/croogo/issues/847", "name" : "https://github.com/croogo/croogo/issues/847", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Croogo version 2.3.1-17-g6f82e6c contains a Cross Site Scripting (XSS) vulnerability in Page name that can result in execution of javascript code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:croogo:croogo:2.3.1-17-g6f82e6c:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-09T23:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1000600", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/105305", "name" : "105305", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/105305", "name" : "105305", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.theregister.co.uk/2018/08/20/php_unserialisation_wordpress_vuln/", "name" : "https://www.theregister.co.uk/2018/08/20/php_unserialisation_wordpress_vuln/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.theregister.co.uk/2018/08/20/php_unserialisation_wordpress_vuln/", "name" : "https://www.theregister.co.uk/2018/08/20/php_unserialisation_wordpress_vuln/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://youtu.be/GePBmsNJw6Y?t=1763", "name" : "https://youtu.be/GePBmsNJw6Y?t=1763", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://youtu.be/GePBmsNJw6Y?t=1763", "name" : "https://youtu.be/GePBmsNJw6Y?t=1763", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "WordPress version <4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugins in order to be exploited however this has not been confirmed at this time. This issue appears to have been partially, but not completely fixed in WordPress 4.9" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.9", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-09-06T12:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1001", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:41Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1002", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1002101", "ASSIGNER" : "security@kubernetes.io" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-59" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html", "name" : "openSUSE-SU-2020:0554", "refsource" : "", "tags" : [ ] }, { "url" : "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html", "name" : "openSUSE-SU-2020:0554", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0475", "name" : "RHSA-2018:0475", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0475", "name" : "RHSA-2018:0475", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/bgeesaman/subpath-exploit/", "name" : "https://github.com/bgeesaman/subpath-exploit/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/bgeesaman/subpath-exploit/", "name" : "https://github.com/bgeesaman/subpath-exploit/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/kubernetes/kubernetes/issues/60813", "name" : "https://github.com/kubernetes/kubernetes/issues/60813", "refsource" : "", "tags" : [ "Issue Tracking", "Mitigation", "Vendor Advisory" ] }, { "url" : "https://github.com/kubernetes/kubernetes/issues/60813", "name" : "https://github.com/kubernetes/kubernetes/issues/60813", "refsource" : "", "tags" : [ "Issue Tracking", "Mitigation", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.3.0", "versionEndIncluding" : "1.3.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.0", "versionEndIncluding" : "1.4.12", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.5.0", "versionEndIncluding" : "1.5.8", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.6.0", "versionEndIncluding" : "1.6.13", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.7.0", "versionEndExcluding" : "1.7.14", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.8.0", "versionEndExcluding" : "1.8.9", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.9.0", "versionEndExcluding" : "1.9.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 9.6, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.1, "impactScore" : 5.8 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-13T17:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1002102", "ASSIGNER" : "security@kubernetes.io" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2018:0475", "name" : "RHSA-2018:0475", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0475", "name" : "RHSA-2018:0475", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/kubernetes/kubernetes/issues/60814", "name" : "https://github.com/kubernetes/kubernetes/issues/60814", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://github.com/kubernetes/kubernetes/issues/60814", "name" : "https://github.com/kubernetes/kubernetes/issues/60814", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.3.0", "versionEndIncluding" : "1.3.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.0", "versionEndIncluding" : "1.4.12", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.5.0", "versionEndIncluding" : "1.5.8", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.6.0", "versionEndIncluding" : "1.6.13", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.7.0", "versionEndExcluding" : "1.7.14", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.8.0", "versionEndExcluding" : "1.8.9", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.9.0", "versionEndExcluding" : "1.9.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.6, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.1, "impactScore" : 4.0 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:N/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 6.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.4, "impactScore" : 9.2, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-13T17:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1002152", "ASSIGNER" : "patrick@puiterwijk.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/fedora-infra/bodhi/issues/1740", "name" : "https://github.com/fedora-infra/bodhi/issues/1740", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking" ] }, { "url" : "https://github.com/fedora-infra/bodhi/issues/1740", "name" : "https://github.com/fedora-infra/bodhi/issues/1740", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by incorrect validation of bug titles." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:bodhi:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.9.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-01-10T21:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1002157", "ASSIGNER" : "patrick@puiterwijk.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://pagure.io/modulemd/issue/55", "name" : "https://pagure.io/modulemd/issue/55", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://pagure.io/modulemd/issue/55", "name" : "https://pagure.io/modulemd/issue/55", "refsource" : "", "tags" : [ "Issue Tracking" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:modulemd:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.3.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-01-10T21:29Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1002201", "ASSIGNER" : "cve-assign@distributedweaknessfiling.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/haml/haml/commit/18576ae6e9bdcb4303fdbe6b3199869d289d67c2", "name" : "https://github.com/haml/haml/commit/18576ae6e9bdcb4303fdbe6b3199869d289d67c2", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/haml/haml/commit/18576ae6e9bdcb4303fdbe6b3199869d289d67c2", "name" : "https://github.com/haml/haml/commit/18576ae6e9bdcb4303fdbe6b3199869d289d67c2", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2019/11/msg00007.html", "name" : "[debian-lts-announce] 20191110 [SECURITY] [DLA 1986-1] ruby-haml security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2019/11/msg00007.html", "name" : "[debian-lts-announce] 20191110 [SECURITY] [DLA 1986-1] ruby-haml security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2021/12/msg00028.html", "name" : "[debian-lts-announce] 20211229 [SECURITY] [DLA 2864-1] ruby-haml security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2021/12/msg00028.html", "name" : "[debian-lts-announce] 20211229 [SECURITY] [DLA 2864-1] ruby-haml security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/202007-27", "name" : "GLSA-202007-27", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/202007-27", "name" : "GLSA-202007-27", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://snyk.io/vuln/SNYK-RUBY-HAML-20362", "name" : "https://snyk.io/vuln/SNYK-RUBY-HAML-20362", "refsource" : "", "tags" : [ "Exploit", "Patch", "Third Party Advisory" ] }, { "url" : "https://snyk.io/vuln/SNYK-RUBY-HAML-20362", "name" : "https://snyk.io/vuln/SNYK-RUBY-HAML-20362", "refsource" : "", "tags" : [ "Exploit", "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > \" ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional attributes, potentially executing code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:haml:haml:*:*:*:*:*:ruby:*:*", "versionEndExcluding" : "5.0.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-10-15T18:15Z", "lastModifiedDate" : "2024-11-21T03:04Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1003", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1004", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1005", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1006", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10068", "ASSIGNER" : "secalert_us@oracle.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/102535", "name" : "102535", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102535", "name" : "102535", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040207", "name" : "1040207", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040207", "name" : "1040207", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Web Dashboards). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 8.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 4.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-18T02:29Z", "lastModifiedDate" : "2024-11-21T03:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1007", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1008", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1009", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1010", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1011", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1012", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1013", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1014", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10140", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/oss-sec/2017/q3/285", "name" : "[oss-sec] 20170611 Berkeley DB reads DB_CONFIG from cwd", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2017/q3/285", "name" : "[oss-sec] 20170611 Berkeley DB reads DB_CONFIG from cwd", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.postfix.org/announcements/postfix-3.2.2.html", "name" : "http://www.postfix.org/announcements/postfix-3.2.2.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.postfix.org/announcements/postfix-3.2.2.html", "name" : "http://www.postfix.org/announcements/postfix-3.2.2.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2019:0366", "name" : "RHSA-2019:0366", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2019:0366", "name" : "RHSA-2019:0366", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.oracle.com/security-alerts/cpujul2020.html", "name" : "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.oracle.com/security-alerts/cpujul2020.html", "name" : "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DB_CONFIG in the current directory." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postfix:postfix:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.2.0", "versionEndExcluding" : "3.2.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postfix:postfix:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.1.0", "versionEndExcluding" : "3.1.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postfix:postfix:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.0.0", "versionEndExcluding" : "3.0.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postfix:postfix:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.11.10", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-16T17:29Z", "lastModifiedDate" : "2024-11-21T03:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1015", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1016", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1017", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1018", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1019", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1020", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1021", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1022", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1023", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1024", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1025", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1026", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10262", "ASSIGNER" : "secalert_us@oracle.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/102562", "name" : "102562", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102562", "name" : "102562", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040211", "name" : "1040211", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040211", "name" : "1040211", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). The supported version that is affected is 11.1.2.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:access_manager:11.1.2.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-18T02:29Z", "lastModifiedDate" : "2024-11-21T03:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1027", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10273", "ASSIGNER" : "secalert_us@oracle.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/102569", "name" : "102569", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102569", "name" : "102569", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040207", "name" : "1040207", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040207", "name" : "1040207", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/43848/", "name" : "43848", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/43848/", "name" : "43848", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: Deployment). Supported versions that are affected are 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 and 12.2.1.2.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle JDeveloper executes to compromise Oracle JDeveloper. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle JDeveloper, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle JDeveloper accessible data as well as unauthorized read access to a subset of Oracle JDeveloper accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle JDeveloper. CVSS 3.0 Base Score 4.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:jdeveloper:11.1.2.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:jdeveloper:11.1.1.7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:jdeveloper:12.2.1.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:jdeveloper:12.1.3.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:jdeveloper:11.1.1.7.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 4.7, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.6, "impactScore" : 3.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:H/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 3.7 }, "severity" : "LOW", "exploitabilityScore" : 1.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-18T02:29Z", "lastModifiedDate" : "2024-11-21T03:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1028", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10282", "ASSIGNER" : "secalert_us@oracle.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/102534", "name" : "102534", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102534", "name" : "102534", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040196", "name" : "1040196", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040196", "name" : "1040196", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to compromise Core RDBMS. While the vulnerability is in Core RDBMS, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Core RDBMS. CVSS 3.0 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.1, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 2.3, "impactScore" : 6.0 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-18T02:29Z", "lastModifiedDate" : "2024-11-21T03:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1029", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1030", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10301", "ASSIGNER" : "secalert_us@oracle.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/102599", "name" : "102599", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102599", "name" : "102599", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040204", "name" : "1040204", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040204", "name" : "1040204", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Enterprise Portal). The supported version that is affected is 9.1.00. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise PRTL Interaction Hub accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:9.1.00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-18T02:29Z", "lastModifiedDate" : "2024-11-21T03:05Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1031", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1032", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1033", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1034", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1035", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1036", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1037", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1038", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1039", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1040", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1041", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1042", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1043", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1044", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1045", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1046", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1047", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1048", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1049", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1050", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1051", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1052", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1053", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1054", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1055", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1056", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1057", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1058", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1059", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1060", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1061", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1062", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1063", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1064", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1065", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10651", "ASSIGNER" : "security-report@netflix.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-08-29T21:29Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10652", "ASSIGNER" : "security-report@netflix.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-08-29T21:29Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10653", "ASSIGNER" : "security-report@netflix.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-08-29T21:29Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10654", "ASSIGNER" : "security-report@netflix.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-08-29T21:29Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10655", "ASSIGNER" : "security-report@netflix.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-08-29T21:29Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10656", "ASSIGNER" : "security-report@netflix.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-08-29T21:29Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10657", "ASSIGNER" : "security-report@netflix.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-08-29T21:29Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10658", "ASSIGNER" : "security-report@netflix.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-08-29T21:29Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10659", "ASSIGNER" : "security-report@netflix.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-08-29T21:29Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1066", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10660", "ASSIGNER" : "security-report@netflix.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-08-29T21:29Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1067", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1068", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10689", "ASSIGNER" : "security@perforce.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-269" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2018:2927", "name" : "RHSA-2018:2927", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:2927", "name" : "RHSA-2018:2927", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://puppet.com/security/cve/CVE-2017-10689", "name" : "https://puppet.com/security/cve/CVE-2017-10689", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://puppet.com/security/cve/CVE-2017-10689", "name" : "https://puppet.com/security/cve/CVE-2017-10689", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://usn.ubuntu.com/3567-1/", "name" : "USN-3567-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3567-1/", "name" : "USN-3567-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.3.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.10.0", "versionEndExcluding" : "1.10.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2016.4.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2017.1.0", "versionEndExcluding" : "2017.3.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:satellite:6.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-09T20:29Z", "lastModifiedDate" : "2024-11-21T03:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1069", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-02-22T23:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10690", "ASSIGNER" : "security@perforce.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-269" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2018:2927", "name" : "RHSA-2018:2927", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:2927", "name" : "RHSA-2018:2927", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://puppet.com/security/cve/CVE-2017-10690", "name" : "https://puppet.com/security/cve/CVE-2017-10690", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://puppet.com/security/cve/CVE-2017-10690", "name" : "https://puppet.com/security/cve/CVE-2017-10690", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from. This was resolved in Puppet Agent 5.3.4, included in Puppet Enterprise 2017.3.4" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.3.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2017.3.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:satellite:6.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-09T20:29Z", "lastModifiedDate" : "2024-11-21T03:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1070", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-06-11T17:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1071", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-06-11T17:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10718", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-255" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/153241/Shekar-Endoscope-Weak-Default-Settings-Memory-Corruption.html", "name" : "http://packetstormsecurity.com/files/153241/Shekar-Endoscope-Weak-Default-Settings-Memory-Corruption.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/153241/Shekar-Endoscope-Weak-Default-Settings-Memory-Corruption.html", "name" : "http://packetstormsecurity.com/files/153241/Shekar-Endoscope-Weak-Default-Settings-Memory-Corruption.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Shekar_boriscope_sec_issues.pdf", "name" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Shekar_boriscope_sec_issues.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Shekar_boriscope_sec_issues.pdf", "name" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Shekar_boriscope_sec_issues.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2019/Jun/8", "name" : "20190609 Newly releases IoT security issues", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2019/Jun/8", "name" : "20190609 Newly releases IoT security issues", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that any malicious user connecting to the device can change the default SSID and password thereby denying the owner an access to his/her own device. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in the medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to video feed and pictures viewed by that user and might allow them to get a foot hold in air gapped networks especially in case of nation critical infrastructure/industries." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ishekar:endoscope_camera_firmware:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ishekar:endoscope_camera:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-06-17T22:15Z", "lastModifiedDate" : "2024-11-21T03:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10719", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/153241/Shekar-Endoscope-Weak-Default-Settings-Memory-Corruption.html", "name" : "http://packetstormsecurity.com/files/153241/Shekar-Endoscope-Weak-Default-Settings-Memory-Corruption.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/153241/Shekar-Endoscope-Weak-Default-Settings-Memory-Corruption.html", "name" : "http://packetstormsecurity.com/files/153241/Shekar-Endoscope-Weak-Default-Settings-Memory-Corruption.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Shekar_boriscope_sec_issues.pdf", "name" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Shekar_boriscope_sec_issues.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Shekar_boriscope_sec_issues.pdf", "name" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Shekar_boriscope_sec_issues.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2019/Jun/8", "name" : "20190609 Newly releases IoT security issues", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2019/Jun/8", "name" : "20190609 Newly releases IoT security issues", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the device has default Wi-Fi credentials that are exactly the same for every device. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in the medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to video feed and pictures viewed by that user and might allow them to get a foot hold in air gapped networks especially in case of nation critical infrastructure/industries." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ishekar:endoscope_camera_firmware:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ishekar:endoscope_camera:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-06-17T22:15Z", "lastModifiedDate" : "2024-11-21T03:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1072", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-06-11T17:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10720", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/153241/Shekar-Endoscope-Weak-Default-Settings-Memory-Corruption.html", "name" : "http://packetstormsecurity.com/files/153241/Shekar-Endoscope-Weak-Default-Settings-Memory-Corruption.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/153241/Shekar-Endoscope-Weak-Default-Settings-Memory-Corruption.html", "name" : "http://packetstormsecurity.com/files/153241/Shekar-Endoscope-Weak-Default-Settings-Memory-Corruption.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Shekar_boriscope_sec_issues.pdf", "name" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Shekar_boriscope_sec_issues.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Shekar_boriscope_sec_issues.pdf", "name" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Shekar_boriscope_sec_issues.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2019/Jun/8", "name" : "20190609 Newly releases IoT security issues", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2019/Jun/8", "name" : "20190609 Newly releases IoT security issues", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the desktop application used to connect to the device suffers from a stack overflow if more than 26 characters are passed to it as the Wi-Fi name. This application is installed on the device and an attacker who can provide the right payload can execute code on the user's system directly. Any breach of this system can allow an attacker to get access to all the data that the user has access too. The application uses a dynamic link library(DLL) called \"avilib.dll\" which is used by the application to send binary packets to the device that allow to control the device. One such action that the DLL provides is change password in the function \"sendchangename\" which allows a user to change the Wi-Fi name on the device. This function calls a sub function \"sub_75876EA0\" at address 0x758784F8. The function determines which action to execute based on the parameters sent to it. The \"sendchangename\" passes the datastring as the second argument which is the name we enter in the textbox and integer 1 as first argument. The rest of the 3 arguments are set to 0. The function \"sub_75876EA0\" at address 0x75876F19 uses the first argument received and to determine which block to jump to. Since the argument passed is 1, it jumps to 0x75876F20 and proceeds from there to address 0x75876F56 which calculates the length of the data string passed as the first parameter. This length and the first argument are then passed to the address 0x75877001 which calls the memmove function which uses a stack address as the destination where the password typed by us is passed as the source and length calculated above is passed as the number of bytes to copy which leads to a stack overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ishekar:endoscope_camera_firmware:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ishekar:endoscope_camera:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-06-17T22:15Z", "lastModifiedDate" : "2024-11-21T03:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10721", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-284" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/153241/Shekar-Endoscope-Weak-Default-Settings-Memory-Corruption.html", "name" : "http://packetstormsecurity.com/files/153241/Shekar-Endoscope-Weak-Default-Settings-Memory-Corruption.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/153241/Shekar-Endoscope-Weak-Default-Settings-Memory-Corruption.html", "name" : "http://packetstormsecurity.com/files/153241/Shekar-Endoscope-Weak-Default-Settings-Memory-Corruption.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Shekar_boriscope_sec_issues.pdf", "name" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Shekar_boriscope_sec_issues.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Shekar_boriscope_sec_issues.pdf", "name" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Shekar_boriscope_sec_issues.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2019/Jun/8", "name" : "20190609 Newly releases IoT security issues", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2019/Jun/8", "name" : "20190609 Newly releases IoT security issues", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the device has Telnet functionality enabled by default. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in the medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to video feed and pictures viewed by that user and might allow them to get a foot hold in air gapped networks especially in case of nation critical infrastructure/industries." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ishekar:endoscope_camera_firmware:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ishekar:endoscope_camera:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-06-17T22:15Z", "lastModifiedDate" : "2024-11-21T03:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10722", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/153241/Shekar-Endoscope-Weak-Default-Settings-Memory-Corruption.html", "name" : "http://packetstormsecurity.com/files/153241/Shekar-Endoscope-Weak-Default-Settings-Memory-Corruption.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/153241/Shekar-Endoscope-Weak-Default-Settings-Memory-Corruption.html", "name" : "http://packetstormsecurity.com/files/153241/Shekar-Endoscope-Weak-Default-Settings-Memory-Corruption.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Shekar_boriscope_sec_issues.pdf", "name" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Shekar_boriscope_sec_issues.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Shekar_boriscope_sec_issues.pdf", "name" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Shekar_boriscope_sec_issues.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2019/Jun/8", "name" : "20190609 Newly releases IoT security issues", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2019/Jun/8", "name" : "20190609 Newly releases IoT security issues", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the desktop application used to connect to the device suffers from a stack overflow if more than 26 characters are passed to it as the Wi-Fi password. This application is installed on the device and an attacker who can provide the right payload can execute code on the user's system directly. Any breach of this system can allow an attacker to get access to all the data that the user has access too. The application uses a dynamic link library(DLL) called \"avilib.dll\" which is used by the application to send binary packets to the device that allow to control the device. One such action that the DLL provides is change password in the function \"sendchangepass\" which allows a user to change the Wi-Fi password on the device. This function calls a sub function \"sub_75876EA0\" at address 0x7587857C. The function determines which action to execute based on the parameters sent to it. The \"sendchangepass\" passes the datastring as the second argument which is the password we enter in the textbox and integer 2 as first argument. The rest of the 3 arguments are set to 0. The function \"sub_75876EA0\" at address 0x75876F19 uses the first argument received and to determine which block to jump to. Since the argument passed is 2, it jumps to 0x7587718C and proceeds from there to address 0x758771C2 which calculates the length of the data string passed as the first parameter.This length and the first argument are then passed to the address 0x7587726F which calls a memmove function which uses a stack address as the destination where the password typed by us is passed as the source and length calculated above is passed as the number of bytes to copy which leads to a stack overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ishekar:endoscope_camera_firmware:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ishekar:endoscope_camera:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-06-17T22:15Z", "lastModifiedDate" : "2024-11-21T03:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10723", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/153241/Shekar-Endoscope-Weak-Default-Settings-Memory-Corruption.html", "name" : "http://packetstormsecurity.com/files/153241/Shekar-Endoscope-Weak-Default-Settings-Memory-Corruption.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/153241/Shekar-Endoscope-Weak-Default-Settings-Memory-Corruption.html", "name" : "http://packetstormsecurity.com/files/153241/Shekar-Endoscope-Weak-Default-Settings-Memory-Corruption.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Shekar_boriscope_sec_issues.pdf", "name" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Shekar_boriscope_sec_issues.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Shekar_boriscope_sec_issues.pdf", "name" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Shekar_boriscope_sec_issues.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2019/Jun/8", "name" : "20190609 Newly releases IoT security issues", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2019/Jun/8", "name" : "20190609 Newly releases IoT security issues", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that an attacker connected to the device Wi-Fi SSID can exploit a memory corruption issue and execute remote code on the device. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in the medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to video feed and pictures viewed by that user and might allow them to get a foot hold in air gapped networks especially in case of nation critical infrastructure/industries. The firmware contains binary uvc_stream that is the UDP daemon which is responsible for handling all the UDP requests that the device receives. The client application sends a UDP request to change the Wi-Fi name which contains the following format: \"SETCMD0001+0001+[2 byte length of wifiname]+[Wifiname]. This request is handled by \"control_Dev_thread\" function which at address \"0x00409AE0\" compares the incoming request and determines if the 10th byte is 01 and if it is then it redirects to 0x0040A74C which calls the function \"setwifiname\". The function \"setwifiname\" uses a memcpy function but uses the length of the payload obtained by using strlen function as the third parameter which is the number of bytes to copy and this allows an attacker to overflow the function and control the $PC value." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ishekar:endoscope_camera_firmware:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ishekar:endoscope_camera:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-06-17T22:15Z", "lastModifiedDate" : "2024-11-21T03:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10724", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/153241/Shekar-Endoscope-Weak-Default-Settings-Memory-Corruption.html", "name" : "http://packetstormsecurity.com/files/153241/Shekar-Endoscope-Weak-Default-Settings-Memory-Corruption.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/153241/Shekar-Endoscope-Weak-Default-Settings-Memory-Corruption.html", "name" : "http://packetstormsecurity.com/files/153241/Shekar-Endoscope-Weak-Default-Settings-Memory-Corruption.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Shekar_boriscope_sec_issues.pdf", "name" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Shekar_boriscope_sec_issues.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Shekar_boriscope_sec_issues.pdf", "name" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Shekar_boriscope_sec_issues.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2019/Jun/8", "name" : "20190609 Newly releases IoT security issues", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2019/Jun/8", "name" : "20190609 Newly releases IoT security issues", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that an attacker connected to the device Wi-Fi SSID can exploit a memory corruption issue and execute remote code on the device. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in the medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to video feed and pictures viewed by that user and might allow them to get a foot hold in air gapped networks especially in case of nation critical infrastructure/industries. The firmware contains binary uvc_stream that is the UDP daemon which is responsible for handling all the UDP requests that the device receives. The client application sends a UDP request to change the Wi-Fi name which contains the following format: \"SETCMD0001+0002+[2 byte length of wifipassword]+[Wifipassword]. This request is handled by \"control_Dev_thread\" function which at address \"0x00409AE4\" compares the incoming request and determines if the 10th byte is 02 and if it is then it redirects to 0x0040A7D8, which calls the function \"setwifipassword\". The function \"setwifipassword\" uses a memcpy function but uses the length of the payload obtained by using strlen function as the third parameter which is the number of bytes to copy and this allows an attacker to overflow the function and control the $PC value." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ishekar:endoscope_camera_firmware:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ishekar:endoscope_camera:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-06-17T22:15Z", "lastModifiedDate" : "2024-11-21T03:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1073", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-06-11T17:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1074", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-06-11T17:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1075", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-06-11T17:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1076", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-06-11T17:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1077", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-06-11T17:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1078", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-06-11T17:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1079", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-06-11T17:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1080", "ASSIGNER" : "secure@intel.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-06-11T17:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1081", "ASSIGNER" : "secteam@freebsd.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/98089", "name" : "98089", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/98089", "name" : "98089", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1038369", "name" : "1038369", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1038369", "name" : "1038369", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:04.ipfilter.asc", "name" : "FreeBSD-SA-17:04", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-17:04.ipfilter.asc", "name" : "FreeBSD-SA-17:04", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and 10.3-RELEASE-p19, ipfilter using \"keep state\" or \"keep frags\" options can cause a kernel panic when fed specially crafted packet fragments due to incorrect memory handling." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:10.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:10.3:p19:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:11.0:p10:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "versionEndIncluding" : "11.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-10T13:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1082", "ASSIGNER" : "secteam@freebsd.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", "name" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", "name" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the qsort algorithm has a deterministic recursion pattern. Feeding a pathological input to the algorithm can lead to excessive stack usage and potential overflow. Applications that use qsort to handle large data set may crash if the input follows the pathological pattern." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.0", "versionEndExcluding" : "11.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.0", "versionEndIncluding" : "10.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-09-12T14:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1083", "ASSIGNER" : "secteam@freebsd.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", "name" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", "name" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In FreeBSD before 11.2-RELEASE, a stack guard-page is available but is disabled by default. This results in the possibility a poorly written process could be cause a stack overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "versionEndExcluding" : "11.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-09-12T14:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1084", "ASSIGNER" : "secteam@freebsd.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.exploit-db.com/exploits/42277/", "name" : "42277", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/42277/", "name" : "42277", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/42278/", "name" : "42278", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/42278/", "name" : "42278", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", "name" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", "name" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In FreeBSD before 11.2-RELEASE, multiple issues with the implementation of the stack guard-page reduce the protections afforded by the guard-page. This results in the possibility a poorly written process could be cause a stack overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "versionEndExcluding" : "11.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-09-12T14:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1085", "ASSIGNER" : "secteam@freebsd.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.exploit-db.com/exploits/42279/", "name" : "42279", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/42279/", "name" : "42279", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", "name" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", "name" : "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In FreeBSD before 11.2-RELEASE, an application which calls setrlimit() to increase RLIMIT_STACK may turn a read-only memory region below the stack into a read-write region. A specially crafted executable could be exploited to execute arbitrary code in the user context." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*", "versionEndExcluding" : "11.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-09-12T14:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10852", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://corega.jp/support/security/20180309_wgr1200.htm", "name" : "http://corega.jp/support/security/20180309_wgr1200.htm", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "http://corega.jp/support/security/20180309_wgr1200.htm", "name" : "http://corega.jp/support/security/20180309_wgr1200.htm", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "https://jvn.jp/en/jp/JVN15201064/index.html", "name" : "JVN#15201064", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://jvn.jp/en/jp/JVN15201064/index.html", "name" : "JVN#15201064", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to execute arbitrary code via unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:corega:cg-wgr_1200_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.20", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:corega:cg-wgr_1200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:A/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "ADJACENT_NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 8.3 }, "severity" : "HIGH", "exploitabilityScore" : 6.5, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-09T16:29Z", "lastModifiedDate" : "2024-11-21T03:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10853", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://corega.jp/support/security/20180309_wgr1200.htm", "name" : "http://corega.jp/support/security/20180309_wgr1200.htm", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "http://corega.jp/support/security/20180309_wgr1200.htm", "name" : "http://corega.jp/support/security/20180309_wgr1200.htm", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "https://jvn.jp/en/jp/JVN15201064/index.html", "name" : "JVN#15201064", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://jvn.jp/en/jp/JVN15201064/index.html", "name" : "JVN#15201064", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to execute arbitrary commands via unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:corega:cg-wgr_1200_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.20", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:corega:cg-wgr_1200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:A/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "ADJACENT_NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 8.3 }, "severity" : "HIGH", "exploitabilityScore" : 6.5, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-09T16:29Z", "lastModifiedDate" : "2024-11-21T03:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10854", "ASSIGNER" : "vultures@jpcert.or.jp" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-306" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://corega.jp/support/security/20180309_wgr1200.htm", "name" : "http://corega.jp/support/security/20180309_wgr1200.htm", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "http://corega.jp/support/security/20180309_wgr1200.htm", "name" : "http://corega.jp/support/security/20180309_wgr1200.htm", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "https://jvn.jp/en/jp/JVN15201064/index.html", "name" : "JVN#15201064", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://jvn.jp/en/jp/JVN15201064/index.html", "name" : "JVN#15201064", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to bypass authentication and change the login password via unspecified vectors." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:corega:cg-wgr_1200_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.20", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:corega:cg-wgr_1200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:A/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "ADJACENT_NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 6.5, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-09T16:29Z", "lastModifiedDate" : "2024-11-21T03:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1089", "ASSIGNER" : "secteam@freebsd.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1090", "ASSIGNER" : "secteam@freebsd.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10934", "ASSIGNER" : "psirt@zte.com.cn" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-502" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008682", "name" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008682", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008682", "name" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008682", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "All versions prior to V5.09.02.02T4 of the ZTE ZXIPTV-EPG product use the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zte:zxiptv-epg_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.09.02.02t4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zte:zxiptv-epg:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-25T15:29Z", "lastModifiedDate" : "2024-11-21T03:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10935", "ASSIGNER" : "psirt@zte.com.cn" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008723", "name" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008723", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008723", "name" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008723", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "All versions prior to ZSRV2 V3.00.40 of the ZTE ZXR10 1800-2S products allow remote authenticated users to bypass the original password authentication protection to change other user's password." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zte:zxr10_1800-2s_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.00.40", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zte:zxr10_1800-2s:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-25T15:29Z", "lastModifiedDate" : "2024-11-21T03:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10936", "ASSIGNER" : "psirt@zte.com.cn" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008722", "name" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008722", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008722", "name" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008722", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in all versions prior to V4.01.01 of the ZTE ZXCDN-SNS product allows remote attackers to execute arbitrary SQL commands via the aoData parameter, resulting in the disclosure of database information." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zte:zxcdn-sns_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.01.01", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zte:zxcdn-sns:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-25T15:29Z", "lastModifiedDate" : "2024-11-21T03:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10937", "ASSIGNER" : "psirt@zte.com.cn" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008782", "name" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008782", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008782", "name" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008782", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SQL injection vulnerability in all versions prior to V2.01.05.09 of the ZTE ZXIPTV-UCM product allows remote attackers to execute arbitrary SQL commands via the opertype parameter, resulting in the disclosure of database information." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zte:zxiptv-ucm_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.01.05.09", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:zte:zxiptv-ucm:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-25T15:29Z", "lastModifiedDate" : "2024-11-21T03:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10938", "ASSIGNER" : "psirt@zte.com.cn" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-02-27T14:29Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10939", "ASSIGNER" : "psirt@zte.com.cn" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-02-27T14:29Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10963", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://gist.github.com/e96e02/12ce905e3b724954273dd7d543a968f1", "name" : "https://gist.github.com/e96e02/12ce905e3b724954273dd7d543a968f1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://gist.github.com/e96e02/12ce905e3b724954273dd7d543a968f1", "name" : "https://gist.github.com/e96e02/12ce905e3b724954273dd7d543a968f1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.lgsinnovations.com/lgs-innovations-discovers-samsung-mobile-product-security-vulnerability/", "name" : "https://www.lgsinnovations.com/lgs-innovations-discovers-samsung-mobile-product-security-vulnerability/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.lgsinnovations.com/lgs-innovations-discovers-samsung-mobile-product-security-vulnerability/", "name" : "https://www.lgsinnovations.com/lgs-innovations-discovers-samsung-mobile-product-security-vulnerability/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Knox SDS IAM (Identity Access Management) and EMM (Enterprise Mobility Management) 16.11 on Samsung mobile devices, a man-in-the-middle attacker can install any application into the Knox container (without the user's knowledge) by inspecting network traffic from a Samsung server and injecting content at a certain point in the update sequence. This installed application can further leak information stored inside the Knox container to the outside world." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samsung:knox_enterprise_mobility_management:16.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samsung:knox_identity_access_management:16.11:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-20T19:29Z", "lastModifiedDate" : "2024-11-21T03:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10988", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-07-17T15:29Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-10992", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-502" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://labs.integrity.pt/advisories/cve-2017-10992/", "name" : "https://labs.integrity.pt/advisories/cve-2017-10992/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://labs.integrity.pt/advisories/cve-2017-10992/", "name" : "https://labs.integrity.pt/advisories/cve-2017-10992/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In HPE Storage Essentials 9.5.0.142, there is Unauthenticated Java Deserialization with remote code execution via OS commands in a request to invoker/JMXInvokerServlet, aka PSRT110461." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:storage_essentials:9.5.0.142:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-03-10T13:15Z", "lastModifiedDate" : "2024-11-21T03:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11003", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-120" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while updating a firmware image, data is read from flash into RAM without checking that the data fits into allotted RAM size." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-10T22:29Z", "lastModifiedDate" : "2024-11-21T03:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11004", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/106128", "name" : "106128", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/106128", "name" : "106128", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.qualcomm.com/company/product-security/bulletins", "name" : "https://www.qualcomm.com/company/product-security/bulletins", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.qualcomm.com/company/product-security/bulletins", "name" : "https://www.qualcomm.com/company/product-security/bulletins", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A non-secure user may be able to access certain registers in snapdragon automobile, snapdragon mobile and snapdragon wear in versions IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:ipq8074_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:ipq8074:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_427_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_427:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_435_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_435:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_439_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_439:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_429_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_429:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_632_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_632:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_636_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_636:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sda660:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm439_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm439:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm630:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm660:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdx24_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdx24:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:snapdragon_high_med_2016_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:snapdragon_high_med_2016:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-01-03T15:29Z", "lastModifiedDate" : "2024-11-21T03:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11008", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-10-25T16:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11010", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102386", "name" : "102386", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102386", "name" : "102386", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 650/52, SD 835, access control left a configuration space unprotected." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-30T15:29Z", "lastModifiedDate" : "2024-11-21T03:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11011", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103671", "name" : "103671", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 820, SD 835, a Use After Free condition can occur in a communication API." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-11T15:29Z", "lastModifiedDate" : "2024-11-21T03:06Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11020", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-12-20T23:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11066", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing ubi image an uninitialized memory could be accessed." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-10T22:29Z", "lastModifiedDate" : "2024-11-21T03:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11069", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102413", "name" : "102413", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102413", "name" : "102413", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, manipulation of SafeSwitch Image data can result in Heap overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-10T19:29Z", "lastModifiedDate" : "2024-11-21T03:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1107", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/108918", "name" : "108918", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/108918", "name" : "108918", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/120906", "name" : "ibm-marketing-cve20171107-info-disc (120906)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/120906", "name" : "ibm-marketing-cve20171107-info-disc (120906)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10887815", "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10887815", "refsource" : "", "tags" : [ "Broken Link", "Patch", "Vendor Advisory" ] }, { "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10887815", "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10887815", "refsource" : "", "tags" : [ "Broken Link", "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Marketing Platform 9.1.0, 9.1.2, 10.0, and 10.1 exposes sensitive information in the headers that could be used by an authenticated attacker in further attacks against the system. IBM X-Force ID: 120906." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:marketing_platform:9.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:marketing_platform:9.1.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:marketing_platform:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:marketing_platform:10.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-06-19T14:15Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11071", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-12-20T23:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11072", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while calculating CRC for GPT header fields with partition entries greater than 16384 buffer overflow occurs." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-16T16:29Z", "lastModifiedDate" : "2024-11-21T03:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11074", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=f5ae7b35c90f14b7e66b3a91d4fb247563a8a22b", "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=f5ae7b35c90f14b7e66b3a91d4fb247563a8a22b", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=f5ae7b35c90f14b7e66b3a91d4fb247563a8a22b", "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=f5ae7b35c90f14b7e66b3a91d4fb247563a8a22b", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is an obsolete set/reset ssid hotlist API." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-16T22:29Z", "lastModifiedDate" : "2024-11-21T03:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11075", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, if cmd_pkt and reg_pkt are called from different userspace threads, a use after free condition can potentially occur in wdsp_glink_write()." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-03T17:29Z", "lastModifiedDate" : "2024-11-21T03:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11076", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html", "name" : "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not programmed correctly into the decoder hardware which can lead to an invalid memory access by the decoder." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_427_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_427:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_435_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_435:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm429_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm429:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm439_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm439:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm630:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm632_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm632:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm636_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm636:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm660_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm660:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sdm710_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sdm710:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:snapdragon_high_med_2016_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:snapdragon_high_med_2016:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 } }, "publishedDate" : "2024-11-26T09:15Z", "lastModifiedDate" : "2025-01-09T21:02Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11078", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=c975b4c716511c9086f6eb885f9a3524c428a19b", "name" : "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=c975b4c716511c9086f6eb885f9a3524c428a19b", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=c975b4c716511c9086f6eb885f9a3524c428a19b", "name" : "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=c975b4c716511c9086f6eb885f9a3524c428a19b", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin", "name" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin", "name" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the boot image header, an out of bounds read can occur in boot." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-11-27T16:29Z", "lastModifiedDate" : "2024-11-21T03:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11079", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing sparse image, uninitialized heap memory can potentially be flashed due to the lack of validation of sparse image block header size." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-10T22:29Z", "lastModifiedDate" : "2024-11-21T03:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11080", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a user supplied sparse image, a buffer overflow vulnerability could occur if the sparse header block size is equal to 4294967296." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-10T22:29Z", "lastModifiedDate" : "2024-11-21T03:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11081", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a potential buffer overflow vulnerability in hdd_parse_setrmcenable_command and hdd_parse_setrmcactionperiod_command APIs as buffers defined in this API can hold maximum 32 bytes but data more than 32 bytes can get copied." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-10T22:29Z", "lastModifiedDate" : "2024-11-21T03:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11082", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" }, { "lang" : "en", "value" : "CWE-362" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=2d4f8cd8d11f8fb1491a20d7e316cc0fd03eeb59", "name" : "https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=2d4f8cd8d11f8fb1491a20d7e316cc0fd03eeb59", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=2d4f8cd8d11f8fb1491a20d7e316cc0fd03eeb59", "name" : "https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=2d4f8cd8d11f8fb1491a20d7e316cc0fd03eeb59", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to a race condition in a firmware loading routine, a buffer overflow could potentially occur if multiple user space threads try to update the WLAN firmware file through sysfs." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.0, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.0, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.4, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-16T22:29Z", "lastModifiedDate" : "2024-11-21T03:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11087", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103669", "name" : "103669", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103669", "name" : "103669", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "libOmxVenc in Android for MSM, Firefox OS for MSM, and QRD Android copies the output buffer to an application with the \"filled length\", which is larger than the output buffer's actual size, leading to an information disclosure problem in the context of mediaserver." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-30T21:29Z", "lastModifiedDate" : "2024-11-21T03:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11088", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.qualcomm.com/company/product-security/bulletins", "name" : "https://www.qualcomm.com/company/product-security/bulletins", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.qualcomm.com/company/product-security/bulletins", "name" : "https://www.qualcomm.com/company/product-security/bulletins", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Input Validation in Linux io-prefetch in Snapdragon Mobile and Snapdragon Wear, A SQL injection vulnerability exists in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 835, SD 845." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-06T17:29Z", "lastModifiedDate" : "2024-11-21T03:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1114", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/121152", "name" : "ibm-campaign-cve20171114-xss(121152)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/121152", "name" : "ibm-campaign-cve20171114-xss(121152)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10729773", "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10729773", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10729773", "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10729773", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 121152." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:campaign:9.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:campaign:9.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:campaign:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-09-07T15:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11146", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not an independently fixable security issue relative to CVE-2017-11145. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-07-10T14:29Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1115", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/121153", "name" : "ibm-campaign-cve20171115-html-injection(121153)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/121153", "name" : "ibm-campaign-cve20171115-html-injection(121153)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10729769", "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10729769", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10729769", "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10729769", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 121153." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:campaign:9.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:campaign:9.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:campaign:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-09-07T15:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1116", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22015569", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22015569", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22015569", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22015569", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/104011", "name" : "104011", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/104011", "name" : "104011", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/121154", "name" : "ibm-campaign-cve20171116-info-disc(121154)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/121154", "name" : "ibm-campaign-cve20171116-info-disc(121154)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Campaign 8.6, 9.0, 9.1, 9.1.1, 9.1.2, and 10.0 contains excessive details on the client side which could provide information useful for an authenticated user to conduct other attacks. IBM X-Force ID: 121154." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:campaign:9.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:campaign:9.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:campaign:9.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:campaign:8.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:campaign:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:campaign:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-27T15:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11175", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/miruser/Roche-CVEs/blob/master/CVE-2017-11175.md", "name" : "https://github.com/miruser/Roche-CVEs/blob/master/CVE-2017-11175.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/miruser/Roche-CVEs/blob/master/CVE-2017-11175.md", "name" : "https://github.com/miruser/Roche-CVEs/blob/master/CVE-2017-11175.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In J2 Innovations FIN Stack 4.0, the authentication webform is vulnerable to reflected XSS via the query string to /login." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:siemens:fin_stack:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-07-05T18:29Z", "lastModifiedDate" : "2024-11-21T03:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1119", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10738519", "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10738519", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10738519", "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10738519", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/121171", "name" : "ibm-marketing-cve20171119-path-disc(121171)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/121171", "name" : "ibm-marketing-cve20171119-path-disc(121171)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Marketing Operations 9.1.0, 9.1.2, and 10.1 could allow a remote attacker to obtain sensitive information. An attacker could send a specially-crafted request to cause an error message to be returned containing the full root path. An attacker could use this information to launch further attacks against the affected system. IBM X-Force ID: 121171." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:marketing_operations:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.1.2.0", "versionEndIncluding" : "9.1.2.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:marketing_operations:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.1.0.0", "versionEndIncluding" : "9.1.0.12", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:marketing_operations:10.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-11-09T01:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11197", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lp.cyberark.com/rs/316-CZP-275/images/ds-Viewfinity-102315-web.pdf", "name" : "http://lp.cyberark.com/rs/316-CZP-275/images/ds-Viewfinity-102315-web.pdf", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "http://lp.cyberark.com/rs/316-CZP-275/images/ds-Viewfinity-102315-web.pdf", "name" : "http://lp.cyberark.com/rs/316-CZP-275/images/ds-Viewfinity-102315-web.pdf", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.exploit-db.com/exploits/42319", "name" : "https://www.exploit-db.com/exploits/42319", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/42319", "name" : "https://www.exploit-db.com/exploits/42319", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privilege user can escalate to an administrative user via a bug within the \"add printer\" option." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cyberark:viewfinity:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0", "versionEndExcluding" : "6.1.1.220", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cyberark:viewfinity:5.5.10.95:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2023-05-03T20:15Z", "lastModifiedDate" : "2025-01-30T18:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11240", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.0.0", "versionEndIncluding" : "11.0.22", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*", "versionStartIncluding" : "15.006.30355", "versionEndExcluding" : "15.006.30392", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", "versionStartIncluding" : "17.012.20098", "versionEndExcluding" : "18.009.20044", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.0.0", "versionEndIncluding" : "11.0.22", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*", "versionStartIncluding" : "15.006.30355", "versionEndExcluding" : "15.006.30392", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", "versionStartIncluding" : "17.012.20098", "versionEndExcluding" : "18.009.20044", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-19T17:29Z", "lastModifiedDate" : "2024-11-21T03:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11247", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11250", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.0.0", "versionEndIncluding" : "11.0.22", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*", "versionStartIncluding" : "15.006.30355", "versionEndExcluding" : "15.006.30392", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", "versionStartIncluding" : "17.012.20098", "versionEndExcluding" : "18.009.20044", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.0.0", "versionEndIncluding" : "11.0.22", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*", "versionStartIncluding" : "15.006.30355", "versionEndExcluding" : "15.006.30392", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", "versionStartIncluding" : "17.012.20098", "versionEndExcluding" : "18.009.20044", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-19T17:29Z", "lastModifiedDate" : "2024-11-21T03:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11253", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.0.0", "versionEndIncluding" : "11.0.22", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*", "versionStartIncluding" : "15.006.30355", "versionEndExcluding" : "15.006.30392", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", "versionStartIncluding" : "17.012.20098", "versionEndExcluding" : "18.009.20044", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.0.0", "versionEndIncluding" : "11.0.22", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*", "versionStartIncluding" : "15.006.30355", "versionEndExcluding" : "15.006.30392", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", "versionStartIncluding" : "17.012.20098", "versionEndExcluding" : "18.009.20044", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-19T17:29Z", "lastModifiedDate" : "2024-11-21T03:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11264", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11266", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11306", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.0.0", "versionEndIncluding" : "11.0.22", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "versionStartIncluding" : "17.011.30066", "versionEndExcluding" : "17.011.30068", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*", "versionStartIncluding" : "15.006.30355", "versionEndExcluding" : "15.006.30392", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", "versionStartIncluding" : "17.012.20098", "versionEndExcluding" : "18.009.20044", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.0.0", "versionEndIncluding" : "11.0.22", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*", "versionStartIncluding" : "17.011.30066", "versionEndExcluding" : "17.011.30068", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*", "versionStartIncluding" : "15.006.30355", "versionEndExcluding" : "15.006.30392", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", "versionStartIncluding" : "17.012.20098", "versionEndExcluding" : "18.009.20044", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-19T17:29Z", "lastModifiedDate" : "2024-11-21T03:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11307", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.0.0", "versionEndIncluding" : "11.0.22", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "versionStartIncluding" : "17.011.30066", "versionEndExcluding" : "17.011.30068", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*", "versionStartIncluding" : "15.006.30355", "versionEndExcluding" : "15.006.30392", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", "versionStartIncluding" : "17.012.20098", "versionEndExcluding" : "18.009.20044", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.0.0", "versionEndIncluding" : "11.0.22", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*", "versionStartIncluding" : "17.011.30066", "versionEndExcluding" : "17.011.30068", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*", "versionStartIncluding" : "15.006.30355", "versionEndExcluding" : "15.006.30392", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", "versionStartIncluding" : "17.012.20098", "versionEndExcluding" : "18.009.20044", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-19T17:29Z", "lastModifiedDate" : "2024-11-21T03:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11308", "ASSIGNER" : "psirt@adobe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", "name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.0.0", "versionEndIncluding" : "11.0.22", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "versionStartIncluding" : "17.011.30066", "versionEndExcluding" : "17.011.30068", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:classic:*:*:*", "versionStartIncluding" : "15.006.30355", "versionEndExcluding" : "15.006.30392", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", "versionStartIncluding" : "17.012.20098", "versionEndExcluding" : "18.009.20044", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*", "versionStartIncluding" : "11.0.0", "versionEndIncluding" : "11.0.22", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*", "versionStartIncluding" : "17.011.30066", "versionEndExcluding" : "17.011.30068", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:classic:*:*:*", "versionStartIncluding" : "15.006.30355", "versionEndExcluding" : "15.006.30392", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", "versionStartIncluding" : "17.012.20098", "versionEndExcluding" : "18.009.20044", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-19T17:29Z", "lastModifiedDate" : "2024-11-21T03:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11365", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-284" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/symfony/symfony/commit/878198cefae028386c6dc800ccbf18f2b9cbff3f", "name" : "https://github.com/symfony/symfony/commit/878198cefae028386c6dc800ccbf18f2b9cbff3f", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/symfony/symfony/commit/878198cefae028386c6dc800ccbf18f2b9cbff3f", "name" : "https://github.com/symfony/symfony/commit/878198cefae028386c6dc800ccbf18f2b9cbff3f", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/symfony/symfony/pull/23507", "name" : "https://github.com/symfony/symfony/pull/23507", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/symfony/symfony/pull/23507", "name" : "https://github.com/symfony/symfony/pull/23507", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Certain Symfony products are affected by: Incorrect Access Control. This affects Symfony 2.7.30 and Symfony 2.8.23 and Symfony 3.2.10 and Symfony 3.3.3. The type of exploitation is: remote. The component is: Password validator." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sensiolabs:symfony:2.7.30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sensiolabs:symfony:2.8.23:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sensiolabs:symfony:3.2.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:sensiolabs:symfony:3.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-05-23T18:29Z", "lastModifiedDate" : "2024-11-21T03:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11398", "ASSIGNER" : "security@trendmicro.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-534" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102275", "name" : "102275", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102275", "name" : "102275", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://success.trendmicro.com/solution/1118992", "name" : "https://success.trendmicro.com/solution/1118992", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://success.trendmicro.com/solution/1118992", "name" : "https://success.trendmicro.com/solution/1118992", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities", "name" : "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities", "name" : "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/43388/", "name" : "43388", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/43388/", "name" : "43388", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:trendmicro:smart_protection_server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-19T19:29Z", "lastModifiedDate" : "2024-11-21T03:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11427", "ASSIGNER" : "security@duo.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations", "name" : "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] }, { "url" : "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations", "name" : "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.kb.cert.org/vuls/id/475445", "name" : "https://www.kb.cert.org/vuls/id/475445", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://www.kb.cert.org/vuls/id/475445", "name" : "https://www.kb.cert.org/vuls/id/475445", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "OneLogin PythonSAML 2.3.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:onelogin:pythonsaml:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.3.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-04-17T14:29Z", "lastModifiedDate" : "2024-11-21T03:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11428", "ASSIGNER" : "security@duo.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations", "name" : "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] }, { "url" : "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations", "name" : "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.kb.cert.org/vuls/id/475445", "name" : "https://www.kb.cert.org/vuls/id/475445", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://www.kb.cert.org/vuls/id/475445", "name" : "https://www.kb.cert.org/vuls/id/475445", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:onelogin:ruby-saml:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.6.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-04-17T14:29Z", "lastModifiedDate" : "2024-11-21T03:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11429", "ASSIGNER" : "security@duo.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations", "name" : "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] }, { "url" : "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations", "name" : "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.kb.cert.org/vuls/id/475445", "name" : "https://www.kb.cert.org/vuls/id/475445", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://www.kb.cert.org/vuls/id/475445", "name" : "https://www.kb.cert.org/vuls/id/475445", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clever:saml2-js:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-04-17T14:29Z", "lastModifiedDate" : "2024-11-21T03:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11430", "ASSIGNER" : "security@duo.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations", "name" : "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] }, { "url" : "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations", "name" : "https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.kb.cert.org/vuls/id/475445", "name" : "https://www.kb.cert.org/vuls/id/475445", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://www.kb.cert.org/vuls/id/475445", "name" : "https://www.kb.cert.org/vuls/id/475445", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:omniauth:omniauth_saml:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.9.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-04-17T14:29Z", "lastModifiedDate" : "2024-11-21T03:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11483", "ASSIGNER" : "security@elastic.co" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11484", "ASSIGNER" : "security@elastic.co" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11485", "ASSIGNER" : "security@elastic.co" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11486", "ASSIGNER" : "security@elastic.co" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11487", "ASSIGNER" : "security@elastic.co" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11488", "ASSIGNER" : "security@elastic.co" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11489", "ASSIGNER" : "security@elastic.co" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11490", "ASSIGNER" : "security@elastic.co" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11491", "ASSIGNER" : "security@elastic.co" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11492", "ASSIGNER" : "security@elastic.co" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11493", "ASSIGNER" : "security@elastic.co" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11509", "ASSIGNER" : "vulnreport@tenable.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00005.html", "name" : "[debian-lts-announce] 20180511 [SECURITY] [DLA 1374-1] firebird2.5 security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00005.html", "name" : "[debian-lts-announce] 20180511 [SECURITY] [DLA 1374-1] firebird2.5 security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2020/02/msg00036.html", "name" : "[debian-lts-announce] 20200229 [SECURITY] [DLA 2129-1] firebird2.5 security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2020/02/msg00036.html", "name" : "[debian-lts-announce] 20200229 [SECURITY] [DLA 2129-1] firebird2.5 security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2021/11/msg00018.html", "name" : "[debian-lts-announce] 20211120 [SECURITY] [DLA 2824-1] firebird3.0 security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2021/11/msg00018.html", "name" : "[debian-lts-announce] 20211120 [SECURITY] [DLA 2824-1] firebird3.0 security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.tenable.com/security/research/tra-2017-36", "name" : "https://www.tenable.com/security/research/tra-2017-36", "refsource" : "", "tags" : [ "Exploit", "Mitigation", "Third Party Advisory" ] }, { "url" : "https://www.tenable.com/security/research/tra-2017-36", "name" : "https://www.tenable.com/security/research/tra-2017-36", "refsource" : "", "tags" : [ "Exploit", "Mitigation", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:firebirdsql:firebird:2.5.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:firebirdsql:firebird:3.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-28T17:29Z", "lastModifiedDate" : "2024-11-21T03:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11510", "ASSIGNER" : "vulnreport@tenable.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-522" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.tenable.com/security/research/tra-2017-33", "name" : "https://www.tenable.com/security/research/tra-2017-33", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.tenable.com/security/research/tra-2017-33", "name" : "https://www.tenable.com/security/research/tra-2017-33", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An information leak exists in Wanscam's HW0021 network camera that allows an unauthenticated remote attacker to recover the administrator username and password via an ONVIF GetSnapshotUri request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:wanscam:hw0021_firmware:11.6.5.1.1-20161213:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:wanscam:hw0021:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-28T17:29Z", "lastModifiedDate" : "2024-11-21T03:07Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11544", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11543. Reason: This candidate is a duplicate of CVE-2017-11543. Notes: All CVE users should reference CVE-2017-11543 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-07-23T03:29Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11545", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11543. Reason: This candidate is a duplicate of CVE-2017-11543. Notes: All CVE users should reference CVE-2017-11543 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-07-23T03:29Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11557", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://applications.com", "name" : "http://applications.com", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "http://applications.com", "name" : "http://applications.com", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "http://manageengine.com", "name" : "http://manageengine.com", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://manageengine.com", "name" : "http://manageengine.com", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.manageengine.com/", "name" : "https://www.manageengine.com/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.manageengine.com/", "name" : "https://www.manageengine.com/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18738", "name" : "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18738", "refsource" : "", "tags" : [ "Broken Link", "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18738", "name" : "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18738", "refsource" : "", "tags" : [ "Broken Link", "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in ZOHO ManageEngine Applications Manager 12.3. It is possible for an unauthenticated user to view the list of domain names and usernames used in a company's network environment via a userconfiguration.do?method=editUser request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_applications_manager:12.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-05-23T18:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11559", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://manageengine.com", "name" : "http://manageengine.com", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://manageengine.com", "name" : "http://manageengine.com", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://opmanager.com", "name" : "http://opmanager.com", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "http://opmanager.com", "name" : "http://opmanager.com", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18736", "name" : "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18736", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18736", "name" : "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18736", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in ZOHO ManageEngine OpManager 12.2. The 'apiKey' parameter of \"/api/json/admin/getmailserversettings\" and \"/api/json/dashboard/gotoverviewlist\" is vulnerable to a Blind SQL Injection attack." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-05-23T18:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11560", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://manageengine.com", "name" : "http://manageengine.com", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://manageengine.com", "name" : "http://manageengine.com", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://opmanager.com", "name" : "http://opmanager.com", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "http://opmanager.com", "name" : "http://opmanager.com", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18736", "name" : "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18736", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18736", "name" : "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18736", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uploaded HTML is also interpreted by the application. Thus, an attacker can inject a malicious JavaScript payload inside the HTML file and upload it to the application." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-05-23T18:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11561", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://manageengine.com", "name" : "http://manageengine.com", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://manageengine.com", "name" : "http://manageengine.com", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://opmanager.com", "name" : "http://opmanager.com", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "http://opmanager.com", "name" : "http://opmanager.com", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18736", "name" : "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18736", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18736", "name" : "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18736", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the \"Group Chat\" or \"Alarm\" section. This functionality can be abused by a malicious user by uploading a web shell." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_opmanager:12.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-05-23T16:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11563", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/fulldisclosure/2018/Aug/18", "name" : "20180821 CVE-2017-11563: Remote Code Execution via stack overflow in D-Link EyeOn Baby Monitor (DCS-825L)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2018/Aug/18", "name" : "20180821 CVE-2017-11563: Remote Code Execution via stack overflow in D-Link EyeOn Baby Monitor (DCS-825L)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://documents.trendmicro.com/assets/tech_brief_Device_Vulnerabilities_in_the_Connected_Home2.pdf", "name" : "https://documents.trendmicro.com/assets/tech_brief_Device_Vulnerabilities_in_the_Connected_Home2.pdf", "refsource" : "", "tags" : [ "Technical Description", "Third Party Advisory" ] }, { "url" : "https://documents.trendmicro.com/assets/tech_brief_Device_Vulnerabilities_in_the_Connected_Home2.pdf", "name" : "https://documents.trendmicro.com/assets/tech_brief_Device_Vulnerabilities_in_the_Connected_Home2.pdf", "refsource" : "", "tags" : [ "Technical Description", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code execution vulnerability. A UDP \"Discover\" service, which provides multiple functions such as changing the passwords and getting basic information, was installed on the device. A remote attacker can send a crafted UDP request to finderd to perform stack overflow and execute arbitrary code with root privilege on the device." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:eyeon_baby_monitor_firmware:1.08.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:eyeon_baby_monitor:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-24T19:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11564", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/fulldisclosure/2018/Aug/19", "name" : "20180821 CVE-2017-11564: multiple command inject in D-Link EyeOn Baby Monitor (DCS-825L)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2018/Aug/19", "name" : "20180821 CVE-2017-11564: multiple command inject in D-Link EyeOn Baby Monitor (DCS-825L)", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://documents.trendmicro.com/assets/tech_brief_Device_Vulnerabilities_in_the_Connected_Home2.pdf", "name" : "https://documents.trendmicro.com/assets/tech_brief_Device_Vulnerabilities_in_the_Connected_Home2.pdf", "refsource" : "", "tags" : [ "Technical Description", "Third Party Advisory" ] }, { "url" : "https://documents.trendmicro.com/assets/tech_brief_Device_Vulnerabilities_in_the_Connected_Home2.pdf", "name" : "https://documents.trendmicro.com/assets/tech_brief_Device_Vulnerabilities_in_the_Connected_Home2.pdf", "refsource" : "", "tags" : [ "Technical Description", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has multiple command injection vulnerabilities in the web service framework. An attacker can forge malicious HTTP requests to execute commands; authentication is required before executing the attack." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:eyeon_baby_monitor_firmware:1.08.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:eyeon_baby_monitor:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-24T19:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11578", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/153225/Blipcare-Clear-Text-Communication-Memory-Corruption.html", "name" : "http://packetstormsecurity.com/files/153225/Blipcare-Clear-Text-Communication-Memory-Corruption.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/153225/Blipcare-Clear-Text-Communication-Memory-Corruption.html", "name" : "http://packetstormsecurity.com/files/153225/Blipcare-Clear-Text-Communication-Memory-Corruption.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Blipcare_sec_issues.pdf", "name" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Blipcare_sec_issues.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Blipcare_sec_issues.pdf", "name" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Blipcare_sec_issues.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2019/Jun/8", "name" : "20190609 Newly releases IoT security issues", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2019/Jun/8", "name" : "20190609 Newly releases IoT security issues", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "It was discovered as a part of the research on IoT devices in the most recent firmware for Blipcare device that the device allows to connect to web management interface on a non-SSL connection using plain text HTTP protocol. The user uses the web management interface of the device to provide the user's Wi-Fi credentials so that the device can connect to it and have Internet access. This device acts as a Wireless Blood pressure monitor and is used to measure blood pressure levels of a person. This allows an attacker who is connected to the Blipcare's device wireless network to easily sniff these values using a MITM attack." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:blipcare:wi-fi_blood_pressure_monitor_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "bp700_10.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:blipcare:wi-fi_blood_pressure_monitor:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-07-02T21:15Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11579", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-254" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/153225/Blipcare-Clear-Text-Communication-Memory-Corruption.html", "name" : "http://packetstormsecurity.com/files/153225/Blipcare-Clear-Text-Communication-Memory-Corruption.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/153225/Blipcare-Clear-Text-Communication-Memory-Corruption.html", "name" : "http://packetstormsecurity.com/files/153225/Blipcare-Clear-Text-Communication-Memory-Corruption.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Blipcare_sec_issues.pdf", "name" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Blipcare_sec_issues.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Blipcare_sec_issues.pdf", "name" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Blipcare_sec_issues.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2019/Jun/8", "name" : "20190609 Newly releases IoT security issues", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2019/Jun/8", "name" : "20190609 Newly releases IoT security issues", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the most recent firmware for Blipcare, the device provides an open Wireless network called \"Blip\" for communicating with the device. The user connects to this open Wireless network and uses the web management interface of the device to provide the user's Wi-Fi credentials so that the device can connect to it and have Internet access. This device acts as a Wireless Blood pressure monitor and is used to measure blood pressure levels of a person. This allows an attacker who is in vicinity of Wireless signal generated by the Blipcare device to easily sniff the credentials. Also, an attacker can connect to the open wireless network \"Blip\" exposed by the device and modify the HTTP response presented to the user by the device to execute other attacks such as convincing the user to download and execute a malicious binary that would infect a user's computer or mobile device with malware." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:blipcare:wi-fi_blood_pressure_monitor_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "bp700_10.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:blipcare:wi-fi_blood_pressure_monitor:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 7.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 4.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:A/AC:L/Au:N/C:P/I:P/A:N", "accessVector" : "ADJACENT_NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 6.5, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-07-02T21:15Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11580", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-399" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/153225/Blipcare-Clear-Text-Communication-Memory-Corruption.html", "name" : "http://packetstormsecurity.com/files/153225/Blipcare-Clear-Text-Communication-Memory-Corruption.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/153225/Blipcare-Clear-Text-Communication-Memory-Corruption.html", "name" : "http://packetstormsecurity.com/files/153225/Blipcare-Clear-Text-Communication-Memory-Corruption.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Blipcare_sec_issues.pdf", "name" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Blipcare_sec_issues.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Blipcare_sec_issues.pdf", "name" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Blipcare_sec_issues.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2019/Jun/8", "name" : "20190609 Newly releases IoT security issues", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2019/Jun/8", "name" : "20190609 Newly releases IoT security issues", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Blipcare Wifi blood pressure monitor BP700 10.1 devices allow memory corruption that results in Denial of Service. When connected to the \"Blip\" open wireless connection provided by the device, if a large string is sent as a part of the HTTP request in any part of the HTTP headers, the device could become completely unresponsive. Presumably this happens as the memory footprint provided to this device is very small. According to the specs from Rezolt, the Wi-Fi module only has 256k of memory. As a result, an incorrect string copy operation using either memcpy, strcpy, or any of their other variants could result in filling up the memory space allocated to the function executing and this would result in memory corruption. To test the theory, one can modify the demo application provided by the Cypress WICED SDK and introduce an incorrect \"memcpy\" operation and use the compiled application on the evaluation board provided by Cypress semiconductors with exactly the same Wi-Fi SOC. The results were identical where the device would completely stop responding to any of the ping or web requests." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:blipcare:wi-fi_blood_pressure_monitor_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "bp700_10.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:blipcare:wi-fi_blood_pressure_monitor:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:A/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "ADJACENT_NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 6.1 }, "severity" : "MEDIUM", "exploitabilityScore" : 6.5, "impactScore" : 6.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-07-02T21:15Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11632", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-798" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/eloygn/IT_Security_Research_WirelessIP_camera_family", "name" : "https://github.com/eloygn/IT_Security_Research_WirelessIP_camera_family", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/eloygn/IT_Security_Research_WirelessIP_camera_family", "name" : "https://github.com/eloygn/IT_Security_Research_WirelessIP_camera_family", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered on Wireless IP Camera 360 devices. A root account with a known SHA-512 password hash exists, which makes it easier for remote attackers to obtain administrative access via a TELNET session." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:-:wireless_ip_camera_360:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-26T22:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11633", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/eloygn/IT_Security_Research_WirelessIP_camera_family", "name" : "https://github.com/eloygn/IT_Security_Research_WirelessIP_camera_family", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/eloygn/IT_Security_Research_WirelessIP_camera_family", "name" : "https://github.com/eloygn/IT_Security_Research_WirelessIP_camera_family", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered on Wireless IP Camera 360 devices. Remote attackers can discover RTSP credentials by connecting to TCP port 9527 and reading the InsertConnect field." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:-:wireless_ip_camera_360:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-26T22:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11634", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-798" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/eloygn/IT_Security_Research_WirelessIP_camera_family", "name" : "https://github.com/eloygn/IT_Security_Research_WirelessIP_camera_family", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/eloygn/IT_Security_Research_WirelessIP_camera_family", "name" : "https://github.com/eloygn/IT_Security_Research_WirelessIP_camera_family", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered on Wireless IP Camera 360 devices. Remote attackers can discover a weakly encoded admin password by connecting to TCP port 9527 and reading the password field of the debugging information, e.g., nTBCS19C corresponds to a password of 123456." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:-:wireless_ip_camera_360:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-26T22:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11635", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/eloygn/IT_Security_Research_WirelessIP_camera_family", "name" : "https://github.com/eloygn/IT_Security_Research_WirelessIP_camera_family", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/eloygn/IT_Security_Research_WirelessIP_camera_family", "name" : "https://github.com/eloygn/IT_Security_Research_WirelessIP_camera_family", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered on Wireless IP Camera 360 devices. Attackers can read recordings by navigating to /mnt/idea0 or /mnt/idea1 on the SD memory card." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:h:-:wireless_ip_camera_360:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-26T22:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11649", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://iscouncil.blogspot.in/2018/03/dray-tek-vigor-ap910c-multiple.html", "name" : "https://iscouncil.blogspot.in/2018/03/dray-tek-vigor-ap910c-multiple.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://iscouncil.blogspot.in/2018/03/dray-tek-vigor-ap910c-multiple.html", "name" : "https://iscouncil.blogspot.in/2018/03/dray-tek-vigor-ap910c-multiple.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site request forgery (CSRF) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote attackers to hijack the authentication of unspecified users for requests that enable SNMP on the remote device via vectors involving goform/setSnmp." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:draytek:vigorap_910c_firmware:1.2.0:rc3:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:draytek:vigorap_910c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-03-07T02:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11650", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://iscouncil.blogspot.in/2018/03/dray-tek-vigor-ap910c-multiple.html", "name" : "https://iscouncil.blogspot.in/2018/03/dray-tek-vigor-ap910c-multiple.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://iscouncil.blogspot.in/2018/03/dray-tek-vigor-ap910c-multiple.html", "name" : "https://iscouncil.blogspot.in/2018/03/dray-tek-vigor-ap910c-multiple.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote attackers to inject arbitrary web script or HTML via vectors involving home.asp." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:draytek:vigorap_910c_firmware:1.2.0:rc3:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:draytek:vigorap_910c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-03-07T02:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11672", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-428" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-11672.pdf", "name" : "https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-11672.pdf", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-11672.pdf", "name" : "https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-11672.pdf", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The OPC Foundation Local Discovery Server (LDS) before 1.03.367 is installed as a Windows Service without adding double quotes around the opcualds.exe executable path, which might allow local users to gain privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opcfoundation:local_discovery_server:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.03.367", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-06-13T18:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11735", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in the originally named product. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-07-31T13:29Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11738", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://application.com", "name" : "http://application.com", "refsource" : "", "tags" : [ "Not Applicable" ] }, { "url" : "http://application.com", "name" : "http://application.com", "refsource" : "", "tags" : [ "Not Applicable" ] }, { "url" : "http://manageengine.com", "name" : "http://manageengine.com", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://manageengine.com", "name" : "http://manageengine.com", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/108470", "name" : "108470", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/108470", "name" : "108470", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-11738.html", "name" : "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-11738.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-11738.html", "name" : "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-11738.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18734", "name" : "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18734", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18734", "name" : "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18734", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Zoho ManageEngine Application Manager prior to 14.6 Build 14660, the 'haid' parameter of the '/auditLogAction.do' module is vulnerable to a Time-based Blind SQL Injection attack." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.1:13100:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-05-23T16:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11739", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://application.com", "name" : "http://application.com", "refsource" : "", "tags" : [ "Not Applicable" ] }, { "url" : "http://application.com", "name" : "http://application.com", "refsource" : "", "tags" : [ "Not Applicable" ] }, { "url" : "http://manageengine.com", "name" : "http://manageengine.com", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://manageengine.com", "name" : "http://manageengine.com", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/108469", "name" : "108469", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/108469", "name" : "108469", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18734", "name" : "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18734", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18734", "name" : "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18734", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Zoho ManageEngine Application Manager 13.1 Build 13100, an authenticated user, with administrative privileges, has the ability to add a widget on any dashboard. This widget can be a \"Utility Widget\" with a \"Custom HTML or Text\" field. Once this widget is created, it will be loaded on the dashboard where it was added. An attacker can abuse this functionality by creating a \"Utility Widget\" that contains malicious JavaScript code, aka XSS." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.1:13100:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-05-23T16:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-11740", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://application.com", "name" : "http://application.com", "refsource" : "", "tags" : [ "Not Applicable" ] }, { "url" : "http://application.com", "name" : "http://application.com", "refsource" : "", "tags" : [ "Not Applicable" ] }, { "url" : "http://manageengine.com", "name" : "http://manageengine.com", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://manageengine.com", "name" : "http://manageengine.com", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18734", "name" : "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18734", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18734", "name" : "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18734", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by uploading a malicious script that can be executed on the remote system." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:zohocorp:manageengine_applications_manager:13.1:13100:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-05-23T16:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1177", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123429", "name" : "ibm-bigfix-cve20171177-info-disc(123429)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123429", "name" : "ibm-bigfix-cve20171177-info-disc(123429)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10737581", "name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10737581", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10737581", "name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10737581", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM BigFix Compliance 1.7 through 1.9.91 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 123429." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:bigfix_compliance:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.7", "versionEndIncluding" : "1.9.91", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-02-05T18:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1198", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-532" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123673", "name" : "ibm-bigfix-cve20171198-info-disc(123673)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123673", "name" : "ibm-bigfix-cve20171198-info-disc(123673)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10737581", "name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10737581", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10737581", "name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10737581", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 123673." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:bigfix_compliance:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.7", "versionEndIncluding" : "1.9.91", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-02-05T18:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1200", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-295" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123675", "name" : "ibm-bigfix-cve20171200-info-disc(123675)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123675", "name" : "ibm-bigfix-cve20171200-info-disc(123675)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10737581", "name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10737581", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10737581", "name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10737581", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. IBM X-Force ID: 123675." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:bigfix_compliance:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.7", "versionEndIncluding" : "1.9.91", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-02-05T18:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1202", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123677", "name" : "ibm-bigfix-cve20171202-html-injection(123677)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123677", "name" : "ibm-bigfix-cve20171202-html-injection(123677)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10737581", "name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10737581", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10737581", "name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10737581", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM BigFix Compliance 1.7 through 1.9.91 (TEMA SUAv1 SCA SCM) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 123677." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:bigfix_compliance:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.7", "versionEndIncluding" : "1.9.91", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-02-05T18:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1204", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-798" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22006392", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22006392", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22006392", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22006392", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22006455", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22006455", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22006455", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22006455", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123740", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123740", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123740", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123740", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 contains hard-coded credentials. A remote attacker could exploit this vulnerability to gain access to the system. IBM X-Force ID: 123740." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:tealeaf_customer_experience:8.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:tealeaf_customer_experience:8.8:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-26T21:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12070", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-12070.pdf", "name" : "https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-12070.pdf", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-12070.pdf", "name" : "https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2017-12070.pdf", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Unsigned versions of the DLLs distributed by the OPC Foundation may be replaced with malicious code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opcfoundation:ua-.net-legacy:1.02.336.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-06-14T20:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12073", "ASSIGNER" : "security@synology.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-12-30T21:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12075", "ASSIGNER" : "security@synology.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-77" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.synology.com/en-global/support/security/Synology_SA_18_24", "name" : "https://www.synology.com/en-global/support/security/Synology_SA_18_24", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.synology.com/en-global/support/security/Synology_SA_18_24", "name" : "https://www.synology.com/en-global/support/security/Synology_SA_18_24", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:synology:diskstation_manager:*:*:*:*:*:*:*:*", "versionEndExcluding" : "6.2-23739", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-06-08T13:29Z", "lastModifiedDate" : "2025-01-14T19:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12078", "ASSIGNER" : "security@synology.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-77" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.synology.com/en-global/support/security/Synology_SA_17_79", "name" : "https://www.synology.com/en-global/support/security/Synology_SA_17_79", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.synology.com/en-global/support/security/Synology_SA_17_79", "name" : "https://www.synology.com/en-global/support/security/Synology_SA_17_79", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Command injection vulnerability in EZ-Internet in Synology Router Manager (SRM) before 1.1.6-6931 allows remote authenticated users to execute arbitrary command via the username parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:synology:router_manager:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.1.6-6931", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-06-08T13:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12081", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html", "name" : "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html", "name" : "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4248", "name" : "DSA-4248", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4248", "name" : "DSA-4248", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0433", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0433", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0433", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0433", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable integer overflow exists in the upgrade of a legacy Mesh attribute of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:blender:blender:2.78c:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-24T19:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12082", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html", "name" : "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html", "name" : "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4248", "name" : "DSA-4248", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4248", "name" : "DSA-4248", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0434", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0434", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0434", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0434", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable integer overflow exists in the 'CustomData' Mesh loading functionality of the Blender open-source 3d creation suite. A .blend file with a specially crafted external data file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to edit an object within a .blend library in their Scene in order to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:blender:blender:2.78c:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-24T19:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12086", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html", "name" : "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html", "name" : "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4248", "name" : "DSA-4248", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4248", "name" : "DSA-4248", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0438", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0438", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0438", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0438", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable integer overflow exists in the 'BKE_mesh_calc_normals_tessface' functionality of the Blender open-source 3d creation suite. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:blender:blender:2.78c:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-24T19:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12087", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0439", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0439", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0439", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0439", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send a dns packet to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tinysvcmdns_project:tinysvcmdns:2016-07-18:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-24T19:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12088", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0440", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0440", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0440", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0440", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable denial of service vulnerability exists in the Ethernet functionality of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted packet can cause a device power cycle resulting in a fault state and deletion of ladder logic. An attacker can send one unauthenticated packet to trigger this vulnerability" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-05T21:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12089", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0441", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0441", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0441", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0441", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable denial of service vulnerability exists in the program download functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a device fault resulting in halted operations. An attacker can send an unauthenticated packet to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-05T21:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12090", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0442", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0442", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0442", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0442", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable denial of service vulnerability exists in the processing of snmp-set commands of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted snmp-set request, when sent without associated firmware flashing snmp-set commands, can cause a device power cycle resulting in downtime for the device. An attacker can send one packet to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-05T21:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12091", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-14462, CVE-2017-14463, CVE-2017-14464, CVE-2017-14465, CVE-2017-14466, CVE-2017-14467, CVE-2017-14468, CVE-2017-14469, CVE-2017-14470, CVE-2017-14471, CVE-2017-14472, and CVE-2017-14473. Reason: This candidate originally combined multiple issues. Notes: All CVE users should reference CVE-2017-14462, CVE-2017-14463, CVE-2017-14464, CVE-2017-14465, CVE-2017-14466, CVE-2017-14467, CVE-2017-14468, CVE-2017-14469, CVE-2017-14470, CVE-2017-14471, CVE-2017-14472, and CVE-2017-14473 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-02-27T16:29Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12092", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0444", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0444", "refsource" : "", "tags" : [ "Exploit", "Mitigation", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0444", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0444", "refsource" : "", "tags" : [ "Exploit", "Mitigation", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable file write vulnerability exists in the memory module functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a file write resulting in a new program being written to the memory module. An attacker can send an unauthenticated packet to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-06-04T20:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12093", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0445", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0445", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0445", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0445", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable insufficient resource pool vulnerability exists in the session communication functionality of Allen Bradley Micrologix 1400 Series B Firmware 21.2 and before. A specially crafted stream of packets can cause a flood of the session resource pool resulting in legitimate connections to the PLC being disconnected. An attacker can send unauthenticated packets to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "LOW", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-05T21:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12095", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-290" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0447", "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0447", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0447", "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0447", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable vulnerability exists in the WiFi Access Point feature of Circle with Disney running firmware 2.0.1. A series of WiFi packets can force Circle to setup an Access Point with default credentials. An attacker needs to send a series of spoofed \"de-auth\" packets to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:meetcircle:circle_with_disney_firmware:2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:A/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "ADJACENT_NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.3 }, "severity" : "LOW", "exploitabilityScore" : 6.5, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-05T19:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12097", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102484", "name" : "102484", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102484", "name" : "102484", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0449", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0449", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0449", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0449", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable cross site scripting (XSS) vulnerability exists in the filter functionality of the delayed_job_web rails gem version 1.4. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:delayed_job_web_project:delayed_job_web:1.4:*:*:*:*:ruby:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-19T20:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12098", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102486", "name" : "102486", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102486", "name" : "102486", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0450", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0450", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0450", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0450", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable cross site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an authenticated user to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:rails_admin_project:rails_admin:1.2.0:*:*:*:*:ruby:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-19T19:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12099", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html", "name" : "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html", "name" : "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4248", "name" : "DSA-4248", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4248", "name" : "DSA-4248", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0451", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0451", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0451", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0451", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable integer overflow exists in the upgrade of the legacy Mesh attribute 'tface' of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:blender:blender:2.78c:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-24T19:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12100", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html", "name" : "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html", "name" : "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4248", "name" : "DSA-4248", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4248", "name" : "DSA-4248", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0452", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0452", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0452", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0452", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable integer overflow exists in the 'multires_load_old_dm' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:blender:blender:2.78c:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-24T19:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12101", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html", "name" : "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html", "name" : "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4248", "name" : "DSA-4248", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4248", "name" : "DSA-4248", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0453", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0453", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0453", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0453", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable integer overflow exists in the 'modifier_mdef_compact_influences' functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open a .blend file in order to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:blender:blender:2.78c:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-24T19:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12102", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html", "name" : "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html", "name" : "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4248", "name" : "DSA-4248", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4248", "name" : "DSA-4248", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0454", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0454", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0454", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0454", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts curves to polygons. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:blender:blender:2.78c:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-24T19:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12103", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html", "name" : "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html", "name" : "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4248", "name" : "DSA-4248", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4248", "name" : "DSA-4248", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0455", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0455", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0455", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0455", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c converts text rendered as a font into a curve. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:blender:blender:2.78c:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-24T19:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12104", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html", "name" : "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html", "name" : "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4248", "name" : "DSA-4248", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4248", "name" : "DSA-4248", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0456", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0456", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0456", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0456", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:blender:blender:2.78c:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-24T19:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12105", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html", "name" : "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html", "name" : "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4248", "name" : "DSA-4248", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4248", "name" : "DSA-4248", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0457", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0457", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0457", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0457", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c applies a particular object modifier to a Mesh. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use the file as a library in order to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:blender:blender:2.78c:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-24T19:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12107", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0459", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0459", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0459", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0459", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An memory corruption vulnerability exists in the .PCX parsing functionality of Computerinsel Photoline 20.02. A specially crafted .PCX file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .PCX file to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:pl32:photoline:20.02:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-24T19:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12108", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0460", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0460", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0460", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0460", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULBLANK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:libxls_project:libxls:1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-24T19:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12109", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0461", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0461", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0461", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0461", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULRK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:libxls_project:libxls:1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-24T19:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12112", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-863" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102475", "name" : "102475", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102475", "name" : "102475", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0464", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0464", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0464", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0464", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable improper authorization vulnerability exists in admin_addPeer API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereum:cpp-ethereum:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-19T22:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12113", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-863" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102475", "name" : "102475", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102475", "name" : "102475", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0465", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0465", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0465", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0465", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable improper authorization vulnerability exists in admin_nodeInfo API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereum:cpp-ethereum:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-19T23:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12114", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-863" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102475", "name" : "102475", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102475", "name" : "102475", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0466", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0466", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0466", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0466", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable improper authorization vulnerability exists in admin_peers API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereum:cpp-ethereum:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 4.0 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-19T22:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12115", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-863" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102475", "name" : "102475", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102475", "name" : "102475", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0467", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0467", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0467", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0467", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable improper authorization vulnerability exists in miner_setEtherbase API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereum:cpp-ethereum:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-19T22:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12116", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-863" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102475", "name" : "102475", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102475", "name" : "102475", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0468", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0468", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0468", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0468", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable improper authorization vulnerability exists in miner_setGasPrice API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereum:aleth:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-19T23:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12117", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-863" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102475", "name" : "102475", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102475", "name" : "102475", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0469", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0469", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0469", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0469", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable improper authorization vulnerability exists in miner_start API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereum:cpp-ethereum:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-19T22:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12118", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-863" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102475", "name" : "102475", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102475", "name" : "102475", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0470", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0470", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0470", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0470", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable improper authorization vulnerability exists in miner_stop API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). An attacker can send JSON to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereum:cpp-ethereum:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-19T23:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12119", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-754" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102475", "name" : "102475", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102475", "name" : "102475", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0471", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0471", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0471", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0471", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum JSON-RPC. Specially crafted JSON requests can cause an unhandled exception resulting in denial of service. An attacker can send malicious JSON to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereum:cpp-ethereum:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-19T23:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12120", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0472", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0472", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0472", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0472", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation, resulting in a root shell. An attacker can inject OS commands into the ip= parm in the \"/goform/net_WebPingGetValue\" URI to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-14T20:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12121", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0473", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0473", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0473", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0473", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the rsakey\\_name= parm in the \"/goform/WebRSAKEYGen\" uri to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-14T20:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12122", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html", "name" : "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html", "name" : "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201903-17", "name" : "GLSA-201903-17", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201903-17", "name" : "GLSA-201903-17", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4177", "name" : "DSA-4177", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4177", "name" : "DSA-4177", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4184", "name" : "DSA-4184", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4184", "name" : "DSA-4184", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0488", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0488", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0488", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0488", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:libsdl:sdl_image:2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-24T19:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12123", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-522" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0475", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0475", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0475", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0475", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable clear text transmission of password vulnerability exists in the web server and telnet functionality of Moxa EDR-810 V4.1 build 17030317. An attacker can look at network traffic to get the admin password for the device. The attacker can then use the credentials to login as admin." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:A/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "ADJACENT_NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 3.3 }, "severity" : "LOW", "exploitabilityScore" : 6.5, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-14T20:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12124", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" }, { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0476", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0476", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0476", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0476", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in the web server crashing. An attacker can send a crafted URI to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-05-14T20:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12125", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0477", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0477", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0477", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0477", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the CN= parm in the \"/goform/net_WebCSRGen\" uri to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-14T20:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12126", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0478", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0478", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0478", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0478", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable cross-site request forgery vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP packet can cause cross-site request forgery. An attacker can create malicious HTML to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-05-14T20:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12127", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-522" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0479", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0479", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0479", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0479", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A password storage vulnerability exists in the operating system functionality of Moxa EDR-810 V4.1 build 17030317. An attacker with shell access could extract passwords in clear text from the device." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-14T20:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12128", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0480", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0480", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0480", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0480", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable information disclosure vulnerability exists in the Server Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted TCP packet can cause information disclosure. An attacker can send a crafted TCP packet to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-14T20:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12129", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-327" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0481", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0481", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0481", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0481", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable Weak Cryptography for Passwords vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. An attacker could intercept weakly encrypted passwords and could brute force them." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.0, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.1, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:A/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "ADJACENT_NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.9 }, "severity" : "LOW", "exploitabilityScore" : 5.5, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-05-14T20:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12130", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102795", "name" : "102795", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102795", "name" : "102795", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0486", "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0486", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] }, { "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0486", "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0486", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable NULL pointer dereference vulnerability exists in the tinysvcmdns library version 2017-11-05. A specially crafted packet can make the library dereference a NULL pointer leading to a server crash and denial of service. An attacker needs to send a DNS query to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tinysvcmdns_project:tinysvcmdns:2017-11-05:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-20T00:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12148", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2017:3005", "name" : "RHSA-2017:3005", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:3005", "name" : "RHSA-2017:3005", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12148", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12148", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12148", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12148", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A flaw was found in Ansible Tower's interface before 3.1.5 and 3.2.0 with SCM repositories. If a Tower project (SCM repository) definition does not have the 'delete before update' flag set, an attacker with commit access to the upstream playbook source repository could create a Trojan playbook that, when executed by Tower, modifies the checked out SCM repository to add git hooks. These git hooks could, in turn, cause arbitrary command and code execution as the user Tower runs as." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:cloudforms:4.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.1.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:ansible_tower:*:*:*:*:scm_repositories:*:*:*", "versionEndExcluding" : "3.2.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-27T16:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12150", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100918", "name" : "100918", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100918", "name" : "100918", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039401", "name" : "1039401", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039401", "name" : "1039401", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:2789", "name" : "RHSA-2017:2789", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:2789", "name" : "RHSA-2017:2789", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:2790", "name" : "RHSA-2017:2790", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:2790", "name" : "RHSA-2017:2790", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:2791", "name" : "RHSA-2017:2791", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:2791", "name" : "RHSA-2017:2791", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:2858", "name" : "RHSA-2017:2858", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:2858", "name" : "RHSA-2017:2858", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12150", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12150", "refsource" : "", "tags" : [ "Issue Tracking", "Mitigation", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12150", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12150", "refsource" : "", "tags" : [ "Issue Tracking", "Mitigation", "Third Party Advisory" ] }, { "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03775en_us", "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03775en_us", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03775en_us", "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03775en_us", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security.netapp.com/advisory/ntap-20170921-0001/", "name" : "https://security.netapp.com/advisory/ntap-20170921-0001/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security.netapp.com/advisory/ntap-20170921-0001/", "name" : "https://security.netapp.com/advisory/ntap-20170921-0001/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2017/dsa-3983", "name" : "DSA-3983", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2017/dsa-3983", "name" : "DSA-3983", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.samba.org/samba/security/CVE-2017-12150.html", "name" : "https://www.samba.org/samba/security/CVE-2017-12150.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://www.samba.org/samba/security/CVE-2017-12150.html", "name" : "https://www.samba.org/samba/security/CVE-2017-12150.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce \"SMB signing\" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.6.0", "versionEndExcluding" : "4.6.8", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.5.0", "versionEndExcluding" : "4.5.14", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.0.25", "versionEndExcluding" : "4.4.16", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:gluster_storage:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.4, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-26T18:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12151", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-310" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100917", "name" : "100917", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100917", "name" : "100917", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039401", "name" : "1039401", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039401", "name" : "1039401", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:2790", "name" : "RHSA-2017:2790", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:2790", "name" : "RHSA-2017:2790", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:2858", "name" : "RHSA-2017:2858", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:2858", "name" : "RHSA-2017:2858", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12151", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12151", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12151", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12151", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://security.netapp.com/advisory/ntap-20170921-0001/", "name" : "https://security.netapp.com/advisory/ntap-20170921-0001/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security.netapp.com/advisory/ntap-20170921-0001/", "name" : "https://security.netapp.com/advisory/ntap-20170921-0001/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2017/dsa-3983", "name" : "DSA-3983", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2017/dsa-3983", "name" : "DSA-3983", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.samba.org/samba/security/CVE-2017-12151.html", "name" : "https://www.samba.org/samba/security/CVE-2017-12151.html", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "https://www.samba.org/samba/security/CVE-2017-12151.html", "name" : "https://www.samba.org/samba/security/CVE-2017-12151.html", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A flaw was found in the way samba client before samba 4.4.16, samba 4.5.14 and samba 4.6.8 used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.6.0", "versionEndExcluding" : "4.6.8", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.5.0", "versionEndExcluding" : "4.5.14", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.4.16", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:cifs_server:b.04.05.11.00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.4, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-27T12:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12152", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-08-08T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12161", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-640" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1484564", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1484564", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1484564", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1484564", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/keycloak/keycloak-documentation/pull/268/commits/a2b58aadee42af2c375b72e86dffc2cf23cc3770", "name" : "https://github.com/keycloak/keycloak-documentation/pull/268/commits/a2b58aadee42af2c375b72e86dffc2cf23cc3770", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/keycloak/keycloak-documentation/pull/268/commits/a2b58aadee42af2c375b72e86dffc2cf23cc3770", "name" : "https://github.com/keycloak/keycloak-documentation/pull/268/commits/a2b58aadee42af2c375b72e86dffc2cf23cc3770", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "It was found that keycloak before 3.4.2 final would permit misuse of a client-side /etc/hosts entry to spoof a URL in a password reset request. An attacker could use this flaw to craft a malicious password reset request and gain a valid reset token, leading to information disclosure or further attacks." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:keycloak:keycloak:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.4.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-21T18:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12163", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100925", "name" : "100925", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100925", "name" : "100925", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039401", "name" : "1039401", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039401", "name" : "1039401", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:2789", "name" : "RHSA-2017:2789", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:2789", "name" : "RHSA-2017:2789", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:2790", "name" : "RHSA-2017:2790", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:2790", "name" : "RHSA-2017:2790", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:2791", "name" : "RHSA-2017:2791", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:2791", "name" : "RHSA-2017:2791", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:2858", "name" : "RHSA-2017:2858", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:2858", "name" : "RHSA-2017:2858", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12163", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12163", "refsource" : "", "tags" : [ "Issue Tracking", "Mitigation", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12163", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12163", "refsource" : "", "tags" : [ "Issue Tracking", "Mitigation", "Third Party Advisory" ] }, { "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03775en_us", "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03775en_us", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03775en_us", "name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03775en_us", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security.netapp.com/advisory/ntap-20170921-0001/", "name" : "https://security.netapp.com/advisory/ntap-20170921-0001/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security.netapp.com/advisory/ntap-20170921-0001/", "name" : "https://security.netapp.com/advisory/ntap-20170921-0001/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03817en_us", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2017/dsa-3983", "name" : "DSA-3983", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2017/dsa-3983", "name" : "DSA-3983", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.samba.org/samba/security/CVE-2017-12163.html", "name" : "https://www.samba.org/samba/security/CVE-2017-12163.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://www.samba.org/samba/security/CVE-2017-12163.html", "name" : "https://www.samba.org/samba/security/CVE-2017-12163.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://www.synology.com/support/security/Synology_SA_17_57_Samba", "name" : "https://www.synology.com/support/security/Synology_SA_17_57_Samba", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory" ] }, { "url" : "https://www.synology.com/support/security/Synology_SA_17_57_Samba", "name" : "https://www.synology.com/support/security/Synology_SA_17_57_Samba", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.6.0", "versionEndExcluding" : "4.6.8", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.5.0", "versionEndExcluding" : "4.5.14", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.4.16", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:gluster_storage:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 7.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 4.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:A/AC:L/Au:N/C:P/I:P/A:N", "accessVector" : "ADJACENT_NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 6.5, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-26T16:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12164", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-665" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28", "name" : "https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28", "name" : "https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gnome_display_manager:3.24.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "PHYSICAL", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 6.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.5, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 6.9 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.4, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-26T16:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12165", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-444" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2017:3454", "name" : "RHSA-2017:3454", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:3454", "name" : "RHSA-2017:3454", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:3455", "name" : "RHSA-2017:3455", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:3455", "name" : "RHSA-2017:3455", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:3456", "name" : "RHSA-2017:3456", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:3456", "name" : "RHSA-2017:3456", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:3458", "name" : "RHSA-2017:3458", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:3458", "name" : "RHSA-2017:3458", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0002", "name" : "RHSA-2018:0002", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0002", "name" : "RHSA-2018:0002", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0003", "name" : "RHSA-2018:0003", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0003", "name" : "RHSA-2018:0003", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0004", "name" : "RHSA-2018:0004", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0004", "name" : "RHSA-2018:0004", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0005", "name" : "RHSA-2018:0005", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0005", "name" : "RHSA-2018:0005", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:1322", "name" : "RHSA-2018:1322", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:1322", "name" : "RHSA-2018:1322", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12165", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.0", "versionEndExcluding" : "1.4.17", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.0.0", "versionEndExcluding" : "1.3.31", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:undertow:2.0.0:alpha_1:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-27T15:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12167", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100903", "name" : "100903", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100903", "name" : "100903", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:3454", "name" : "RHSA-2017:3454", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:3454", "name" : "RHSA-2017:3454", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:3455", "name" : "RHSA-2017:3455", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:3455", "name" : "RHSA-2017:3455", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:3456", "name" : "RHSA-2017:3456", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:3456", "name" : "RHSA-2017:3456", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:3458", "name" : "RHSA-2017:3458", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:3458", "name" : "RHSA-2017:3458", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0002", "name" : "RHSA-2018:0002", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0002", "name" : "RHSA-2018:0002", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0003", "name" : "RHSA-2018:0003", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0003", "name" : "RHSA-2018:0003", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0004", "name" : "RHSA-2018:0004", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0004", "name" : "RHSA-2018:0004", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0005", "name" : "RHSA-2018:0005", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0005", "name" : "RHSA-2018:0005", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12167", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12167", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12167", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12167", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7.0.9", "cpe_name" : [ ] } ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-26T17:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12169", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102136", "name" : "102136", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102136", "name" : "102136", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1487697", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1487697", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1487697", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1487697", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security issue does not result in disclosure of password hashes belonging to active standard users. NOTE: some developers feel that this report is a suggestion for a design change to Stage User activation, not a statement of a vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:freeipa:freeipa:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.2.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-10T15:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12171", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101516", "name" : "101516", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101516", "name" : "101516", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039633", "name" : "1039633", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039633", "name" : "1039633", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:2972", "name" : "RHSA-2017:2972", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:2972", "name" : "RHSA-2017:2972", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12171", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12171", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12171", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12171", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A regression was found in the Red Hat Enterprise Linux 6.9 version of httpd 2.2.15-60, causing comments in the \"Allow\" and \"Deny\" configuration lines to be parsed incorrectly. A web administrator could unintentionally allow any client to access a restricted HTTP resource." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:6.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:http_server:2.2.15-60:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 2.5 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-26T17:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12173", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" }, { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2017:3379", "name" : "RHSA-2017:3379", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:3379", "name" : "RHSA-2017:3379", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:1877", "name" : "RHSA-2018:1877", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:1877", "name" : "RHSA-2018:1877", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12173", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12173", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12173", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12173", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fedoraproject:sssd:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.16.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-27T16:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12174", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2018:0268", "name" : "RHSA-2018:0268", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0268", "name" : "RHSA-2018:0268", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0269", "name" : "RHSA-2018:0269", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0269", "name" : "RHSA-2018:0269", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0270", "name" : "RHSA-2018:0270", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0270", "name" : "RHSA-2018:0270", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0271", "name" : "RHSA-2018:0271", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0271", "name" : "RHSA-2018:0271", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0275", "name" : "RHSA-2018:0275", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0275", "name" : "RHSA-2018:0275", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0478", "name" : "RHSA-2018:0478", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0478", "name" : "RHSA-2018:0478", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0479", "name" : "RHSA-2018:0479", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0479", "name" : "RHSA-2018:0479", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0480", "name" : "RHSA-2018:0480", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0480", "name" : "RHSA-2018:0480", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0481", "name" : "RHSA-2018:0481", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0481", "name" : "RHSA-2018:0481", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12174", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12174", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12174", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12174", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E", "name" : "[activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26117", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E", "name" : "[activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26117", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088%40%3Ccommits.activemq.apache.org%3E", "name" : "[activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26118", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/rc96ad63f148f784c84ea7f0a178c84a8985c6afccabbcd9847a82088%40%3Ccommits.activemq.apache.org%3E", "name" : "[activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26118", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:activemq_artemis:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.4.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:hornetq:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.4.0", "cpe_name" : [ ] } ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-07T22:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12175", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101245", "name" : "101245", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101245", "name" : "101245", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:2927", "name" : "RHSA-2018:2927", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:2927", "name" : "RHSA-2018:2927", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12175", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12175", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12175", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12175", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://projects.theforeman.org/issues/22042", "name" : "https://projects.theforeman.org/issues/22042", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://projects.theforeman.org/issues/22042", "name" : "https://projects.theforeman.org/issues/22042", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Red Hat Satellite before 6.5 is vulnerable to a XSS in discovery rule when you are entering filter and you use autocomplete functionality." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:satellite:*:*:*:*:*:*:*:*", "versionEndExcluding" : "6.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-07-26T17:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12176", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509214", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509214", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509214", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509214", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=b747da5e25be944337a9cd1415506fc06b70aa81", "name" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=b747da5e25be944337a9cd1415506fc06b70aa81", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=b747da5e25be944337a9cd1415506fc06b70aa81", "name" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=b747da5e25be944337a9cd1415506fc06b70aa81", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html", "name" : "[debian-lts-announce] 20171122 [SECURITY] [DLA 1186-1] xorg-server security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html", "name" : "[debian-lts-announce] 20171122 [SECURITY] [DLA 1186-1] xorg-server security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201711-05", "name" : "GLSA-201711-05", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://security.gentoo.org/glsa/201711-05", "name" : "GLSA-201711-05", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.debian.org/security/2017/dsa-4000", "name" : "DSA-4000", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2017/dsa-4000", "name" : "DSA-4000", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.19.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-24T15:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12177", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509218", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509218", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509218", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509218", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=4ca68b878e851e2136c234f40a25008297d8d831", "name" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=4ca68b878e851e2136c234f40a25008297d8d831", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=4ca68b878e851e2136c234f40a25008297d8d831", "name" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=4ca68b878e851e2136c234f40a25008297d8d831", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html", "name" : "[debian-lts-announce] 20171122 [SECURITY] [DLA 1186-1] xorg-server security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html", "name" : "[debian-lts-announce] 20171122 [SECURITY] [DLA 1186-1] xorg-server security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201711-05", "name" : "GLSA-201711-05", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://security.gentoo.org/glsa/201711-05", "name" : "GLSA-201711-05", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.debian.org/security/2017/dsa-4000", "name" : "DSA-4000", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2017/dsa-4000", "name" : "DSA-4000", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.19.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-24T15:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12178", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509219", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509219", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509219", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509219", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=859b08d523307eebde7724fd1a0789c44813e821", "name" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=859b08d523307eebde7724fd1a0789c44813e821", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=859b08d523307eebde7724fd1a0789c44813e821", "name" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=859b08d523307eebde7724fd1a0789c44813e821", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html", "name" : "[debian-lts-announce] 20171122 [SECURITY] [DLA 1186-1] xorg-server security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html", "name" : "[debian-lts-announce] 20171122 [SECURITY] [DLA 1186-1] xorg-server security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201711-05", "name" : "GLSA-201711-05", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://security.gentoo.org/glsa/201711-05", "name" : "GLSA-201711-05", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.debian.org/security/2017/dsa-4000", "name" : "DSA-4000", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2017/dsa-4000", "name" : "DSA-4000", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.19.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-24T15:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12179", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509220", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509220", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509220", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509220", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=d088e3c1286b548a58e62afdc70bb40981cdb9e8", "name" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=d088e3c1286b548a58e62afdc70bb40981cdb9e8", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=d088e3c1286b548a58e62afdc70bb40981cdb9e8", "name" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=d088e3c1286b548a58e62afdc70bb40981cdb9e8", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201711-05", "name" : "GLSA-201711-05", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://security.gentoo.org/glsa/201711-05", "name" : "GLSA-201711-05", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.debian.org/security/2017/dsa-4000", "name" : "DSA-4000", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2017/dsa-4000", "name" : "DSA-4000", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.19.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-24T15:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12180", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509221", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509221", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509221", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509221", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b", "name" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b", "name" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html", "name" : "[debian-lts-announce] 20171122 [SECURITY] [DLA 1186-1] xorg-server security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html", "name" : "[debian-lts-announce] 20171122 [SECURITY] [DLA 1186-1] xorg-server security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201711-05", "name" : "GLSA-201711-05", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://security.gentoo.org/glsa/201711-05", "name" : "GLSA-201711-05", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.debian.org/security/2017/dsa-4000", "name" : "DSA-4000", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2017/dsa-4000", "name" : "DSA-4000", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.19.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-24T15:29Z", "lastModifiedDate" : "2024-11-21T03:08Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12181", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509222", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509222", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509222", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509222", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b", "name" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b", "name" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201711-05", "name" : "GLSA-201711-05", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://security.gentoo.org/glsa/201711-05", "name" : "GLSA-201711-05", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.debian.org/security/2017/dsa-4000", "name" : "DSA-4000", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2017/dsa-4000", "name" : "DSA-4000", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.19.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-24T15:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12182", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509223", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509223", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509223", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509223", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b", "name" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b", "name" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html", "name" : "[debian-lts-announce] 20171122 [SECURITY] [DLA 1186-1] xorg-server security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html", "name" : "[debian-lts-announce] 20171122 [SECURITY] [DLA 1186-1] xorg-server security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201711-05", "name" : "GLSA-201711-05", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://security.gentoo.org/glsa/201711-05", "name" : "GLSA-201711-05", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.debian.org/security/2017/dsa-4000", "name" : "DSA-4000", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2017/dsa-4000", "name" : "DSA-4000", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.19.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-24T15:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12183", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509224", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509224", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509224", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509224", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=55caa8b08c84af2b50fbc936cf334a5a93dd7db5", "name" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=55caa8b08c84af2b50fbc936cf334a5a93dd7db5", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=55caa8b08c84af2b50fbc936cf334a5a93dd7db5", "name" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=55caa8b08c84af2b50fbc936cf334a5a93dd7db5", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html", "name" : "[debian-lts-announce] 20171122 [SECURITY] [DLA 1186-1] xorg-server security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html", "name" : "[debian-lts-announce] 20171122 [SECURITY] [DLA 1186-1] xorg-server security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201711-05", "name" : "GLSA-201711-05", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://security.gentoo.org/glsa/201711-05", "name" : "GLSA-201711-05", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.debian.org/security/2017/dsa-4000", "name" : "DSA-4000", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2017/dsa-4000", "name" : "DSA-4000", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.19.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-24T15:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12184", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509225", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509225", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509225", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509225", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e", "name" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e", "name" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html", "name" : "[debian-lts-announce] 20171122 [SECURITY] [DLA 1186-1] xorg-server security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html", "name" : "[debian-lts-announce] 20171122 [SECURITY] [DLA 1186-1] xorg-server security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2017/dsa-4000", "name" : "DSA-4000", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2017/dsa-4000", "name" : "DSA-4000", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.19.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-24T15:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12185", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509215", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509215", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509215", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509215", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e", "name" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e", "name" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html", "name" : "[debian-lts-announce] 20171122 [SECURITY] [DLA 1186-1] xorg-server security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html", "name" : "[debian-lts-announce] 20171122 [SECURITY] [DLA 1186-1] xorg-server security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2017/dsa-4000", "name" : "DSA-4000", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2017/dsa-4000", "name" : "DSA-4000", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.19.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-24T15:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12186", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509216", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509216", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509216", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509216", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e", "name" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e", "name" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2017/dsa-4000", "name" : "DSA-4000", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2017/dsa-4000", "name" : "DSA-4000", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.19.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-24T15:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12187", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509217", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509217", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509217", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1509217", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e", "name" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e", "name" : "https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html", "name" : "[debian-lts-announce] 20171122 [SECURITY] [DLA 1186-1] xorg-server security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00032.html", "name" : "[debian-lts-announce] 20171122 [SECURITY] [DLA 1186-1] xorg-server security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2017/dsa-4000", "name" : "DSA-4000", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2017/dsa-4000", "name" : "DSA-4000", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:x.org:xorg-server:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.19.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-24T15:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12189", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102407", "name" : "102407", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102407", "name" : "102407", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0002", "name" : "RHSA-2018:0002", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0002", "name" : "RHSA-2018:0002", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0003", "name" : "RHSA-2018:0003", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0003", "name" : "RHSA-2018:0003", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0004", "name" : "RHSA-2018:0004", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0004", "name" : "RHSA-2018:0004", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0005", "name" : "RHSA-2018:0005", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0005", "name" : "RHSA-2018:0005", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12189", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12189", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12189", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12189", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-10T19:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12191", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2018:0374", "name" : "RHSA-2018:0374", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0374", "name" : "RHSA-2018:0374", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1500517", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1500517", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1500517", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1500517", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A flaw was found in the CloudForms account configuration when using VMware. By default, a shared account is used that has privileged access to VMRC (VMWare Remote Console) functions that may not be appropriate for users of CloudForms (and thus this account). An attacker could use this vulnerability to view and make changes to settings in the VMRC and virtual machines controlled by it that they should not have access to." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:cloudforms:4.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 7.4, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.1, "impactScore" : 3.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-28T13:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12194", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103413", "name" : "103413", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103413", "name" : "103413", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1501200", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1501200", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1501200", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1501200", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201811-20", "name" : "GLSA-201811-20", "refsource" : "", "tags" : [ ] }, { "url" : "https://security.gentoo.org/glsa/201811-20", "name" : "GLSA-201811-20", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3659-1/", "name" : "USN-3659-1", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3659-1/", "name" : "USN-3659-1", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:spice-gtk_project:spice-gtk:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.34", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-14T21:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12195", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2017:3188", "name" : "RHSA-2017:3188", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:3188", "name" : "RHSA-2017:3188", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:3389", "name" : "RHSA-2017:3389", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:3389", "name" : "RHSA-2017:3389", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12195", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12195", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12195", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12195", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin. An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later access it without the token, bypassing authentication. This attack also requires that the Elasticsearch be configured with an external route, and the data accessed is limited to the indices." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:openshift_container_platform:3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:openshift_container_platform:3.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:openshift_container_platform:3.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:openshift_container_platform:3.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 2.5 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-27T15:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12196", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-863" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2018:0478", "name" : "RHSA-2018:0478", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0478", "name" : "RHSA-2018:0478", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0479", "name" : "RHSA-2018:0479", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0479", "name" : "RHSA-2018:0479", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0480", "name" : "RHSA-2018:0480", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0480", "name" : "RHSA-2018:0480", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0481", "name" : "RHSA-2018:0481", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0481", "name" : "RHSA-2018:0481", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:1525", "name" : "RHSA-2018:1525", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:1525", "name" : "RHSA-2018:1525", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:2405", "name" : "RHSA-2018:2405", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:2405", "name" : "RHSA-2018:2405", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:3768", "name" : "RHSA-2018:3768", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:3768", "name" : "RHSA-2018:3768", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12196", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12196", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12196", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12196", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://issues.jboss.org/browse/UNDERTOW-1190", "name" : "https://issues.jboss.org/browse/UNDERTOW-1190", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://issues.jboss.org/browse/UNDERTOW-1190", "name" : "https://issues.jboss.org/browse/UNDERTOW-1190", "refsource" : "", "tags" : [ "Issue Tracking" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MITM attack and access the desired content on the server." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:undertow:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.4.18", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:undertow:1.4.24:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:undertow:2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-18T01:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12197", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2017:2904", "name" : "RHSA-2017:2904", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:2904", "name" : "RHSA-2017:2904", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:2905", "name" : "RHSA-2017:2905", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:2905", "name" : "RHSA-2017:2905", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:2906", "name" : "RHSA-2017:2906", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:2906", "name" : "RHSA-2017:2906", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1503103", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1503103", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1503103", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1503103", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00008.html", "name" : "[debian-lts-announce] 20171107 [SECURITY] [DLA 1165-1] libpam4j security update", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00008.html", "name" : "[debian-lts-announce] 20171107 [SECURITY] [DLA 1165-1] libpam4j security update", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2017/dsa-4025", "name" : "DSA-4025", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2017/dsa-4025", "name" : "DSA-4025", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "It was found that libpam4j up to and including 1.8 did not properly validate user accounts when authenticating. A user with a valid password for a disabled account would be able to bypass security restrictions and possibly access sensitive information." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:libpam4j_project:libpam4j:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.8", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-18T21:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12307", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102718", "name" : "102718", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102718", "name" : "102718", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-300-500-smb1", "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-300-500-smb1", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-300-500-smb1", "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-300-500-smb1", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting and injecting code into a user request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. This vulnerability affects the following Cisco Small Business 300 and 500 Series Managed Switches: Cisco Small Business 300 Series Managed Switches, Cisco Small Business 500 Series Stackable Managed Switches, Cisco 350 Series Managed Switches, Cisco 350X Series Stackable Managed Switches, Cisco 550X Series Stackable Managed Switches, Cisco ESW2 Series Advanced Switches. Cisco Bug IDs: CSCvg24637." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg350-10_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg350-10:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg350-10p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg350-10p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg350-10mp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg350-10mp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg355-10p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg355-10p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg350-28_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg350-28:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg350-28p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg350-28p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg350-28mp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg350-28mp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf350-48_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf350-48:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf350-48p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf350-48p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf350-48mp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf350-48mp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg350xg-2f10_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg350xg-2f10:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg350xg-24f_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg350xg-24f:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg350xg-24t_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg350xg-24t:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg350xg-48t_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg350xg-48t:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg350x-24_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg350x-24:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg350x-24p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg350x-24p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg350x-24mp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg350x-24mp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg350x-48_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg350x-48:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg350x-48p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg350x-48p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg350x-48mp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg350x-48mp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sx550x-16ft_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sx550x-16ft:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sx550x-24ft_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sx550x-24ft:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sx550x-12f_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sx550x-12f:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sx550x-24f_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sx550x-24f:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sx550x-24_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sx550x-24:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sx550x-52_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sx550x-52:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg550x-24_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg550x-24:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg550x-24p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg550x-24p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg550x-24mp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg550x-24mp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg550x-24mpp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg550x-24mpp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg550x-48_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg550x-48:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg550x-48p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg550x-48p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg550x-48mp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg550x-48mp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf550x-24_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf550x-24:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf550x-24p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf550x-24p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf550x-24mp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf550x-24mp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf550x-48_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf550x-48:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf550x-48p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf550x-48p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf550x-48mp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf550x-48mp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:esw2-350g-52_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:esw2-350g-52:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:esw2-350g-52dc_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:esw2-350g-52dc:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:esw2-550x-48_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:esw2-550x-48:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:esw2-550x-48dc_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:esw2-550x-48dc:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf302-08pp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf302-08pp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf302-08mpp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf302-08mpp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg300-10pp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg300-10pp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg300-10mpp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg300-10mpp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf300-24pp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf300-24pp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf300-48pp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf300-48pp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg300-28pp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg300-28pp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf300-08_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf300-08:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf300-48p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf300-48p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg300-10mp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg300-10mp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg300-10p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg300-10p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg300-10_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg300-10:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg300-28p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg300-28p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf300-24p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf300-24p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf302-08mp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf302-08mp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg300-28_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg300-28:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf300-48_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf300-48:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg300-20_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg300-20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf302-08p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf302-08p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg300-52_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg300-52:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf300-24_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf300-24:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf302-08_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf302-08:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf300-24mp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf300-24mp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg300-10sfp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg300-10sfp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg300-28mp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg300-28mp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg300-52p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg300-52p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg300-52mp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg300-52mp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg500-28mpp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg500-28mpp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg500-52mp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg500-52mp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg500xg-8f8t_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg500xg-8f8t:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf500-24_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf500-24:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf500-24p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf500-24p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf500-48_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf500-48:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf500-48p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf500-48p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg500-28_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg500-28:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg500-28p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg500-28p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg500-52_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg500-52:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg500-52p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg500-52p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg500x-24_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg500x-24:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg500x-24p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg500x-24p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg500x-48_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg500x-48:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg500x-48p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg500x-48p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-18T06:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12308", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-Other" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-300-500-smb2", "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-300-500-smb2", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-300-500-smb2", "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-300-500-smb2", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. This vulnerability affects the following Cisco Small Business 300 and 500 Series Managed Switches: Cisco 350 Series Managed Switches, Cisco 350X Series Stackable Managed Switches, Cisco 550X Series Stackable Managed Switches, Cisco ESW2 Series Advanced Switches, Cisco Small Business 300 Series Managed Switches, Cisco Small Business 500 Series Stackable Managed Switches. Cisco Bug IDs: CSCvg29980." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg350-10_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg350-10:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg350-10p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg350-10p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg350-10mp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg350-10mp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg355-10p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg355-10p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg350-28_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg350-28:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg350-28p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg350-28p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg350-28mp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg350-28mp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf350-48_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf350-48:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf350-48p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf350-48p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf350-48mp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf350-48mp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg350xg-2f10_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg350xg-2f10:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg350xg-24f_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg350xg-24f:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg350xg-24t_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg350xg-24t:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg350xg-48t_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg350xg-48t:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg350x-24_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg350x-24:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg350x-24p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg350x-24p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg350x-24mp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg350x-24mp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg350x-48_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg350x-48:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg350x-48p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg350x-48p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg350x-48mp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg350x-48mp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sx550x-16ft_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sx550x-16ft:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sx550x-24ft_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sx550x-24ft:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sx550x-12f_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sx550x-12f:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sx550x-24f_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sx550x-24f:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sx550x-24_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sx550x-24:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sx550x-52_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sx550x-52:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg550x-24_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg550x-24:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg550x-24p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg550x-24p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg550x-24mp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg550x-24mp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg550x-24mpp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg550x-24mpp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg550x-48_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg550x-48:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg550x-48p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg550x-48p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg550x-48mp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg550x-48mp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf550x-24_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf550x-24:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf550x-24p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf550x-24p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf550x-24mp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf550x-24mp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf550x-48_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf550x-48:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf550x-48p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf550x-48p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf550x-48mp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf550x-48mp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:esw2-350g-52_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:esw2-350g-52:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:esw2-350g-52dc_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:esw2-350g-52dc:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:esw2-550x-48_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:esw2-550x-48:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:esw2-550x-48dc_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:esw2-550x-48dc:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf302-08pp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf302-08pp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf302-08mpp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf302-08mpp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg300-10pp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg300-10pp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg300-10mpp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg300-10mpp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf300-24pp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf300-24pp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf300-48pp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf300-48pp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg300-28pp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg300-28pp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf300-08_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf300-08:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf300-48p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf300-48p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg300-10mp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg300-10mp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg300-10p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg300-10p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg300-10_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg300-10:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg300-28p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg300-28p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf300-24p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf300-24p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf302-08mp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf302-08mp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg300-28_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg300-28:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf300-48_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf300-48:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg300-20_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg300-20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf302-08p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf302-08p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg300-52_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg300-52:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf300-24_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf300-24:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf302-08_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf302-08:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf300-24mp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf300-24mp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg300-10sfp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg300-10sfp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg300-28mp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg300-28mp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg300-52p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg300-52p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg300-52mp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg300-52mp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg500-28mpp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg500-28mpp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg500-52mp_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg500-52mp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg500xg-8f8t_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg500xg-8f8t:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf500-24_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf500-24:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf500-24p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf500-24p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf500-48_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf500-48:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sf500-48p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sf500-48p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg500-28_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg500-28:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg500-28p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg500-28p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg500-52_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg500-52:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg500-52p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg500-52p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg500x-24_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg500x-24:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg500x-24p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg500x-24p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg500x-48_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg500x-48:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:sg500x-48p_firmware:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.7.0", "versionEndExcluding" : "1.4.9.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:sg500x-48p:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-18T06:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1231", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-522" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123910", "name" : "ibm-bigfix-cve20171231-info-disc(123910)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123910", "name" : "ibm-bigfix-cve20171231-info-disc(123910)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10724511", "name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10724511", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10724511", "name" : "https://www-01.ibm.com/support/docview.wss?uid=ibm10724511", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM BigFix Platform 9.5 - 9.5.9 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 123910." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:bigfix_platform:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.5", "versionEndIncluding" : "9.5.9", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-10-12T05:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12310", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-319" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171023-spark", "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171023-spark", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171023-spark", "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171023-spark", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability in the auto discovery phase of Cisco Spark Hybrid Calendar Service could allow an unauthenticated, remote attacker to view sensitive information in the unencrypted headers of an HTTP method request. The attacker could use this information to conduct additional reconnaissance attacks leading to the disclosure of sensitive customer data. The vulnerability exists in the auto discovery phase because an unencrypted HTTP request is made due to requirements for implementing the Hybrid Calendar service. An attacker could exploit this vulnerability by monitoring the unencrypted traffic on the network. An exploit could allow the attacker to access sensitive customer data belonging to Office365 users, such as email and calendar events. Cisco Bug IDs: CSCvg35593." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cisco:spark_hybrid_calendar_service:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-27T09:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12319", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101676", "name" : "101676", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101676", "name" : "101676", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171103-bgp", "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171103-bgp", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171103-bgp", "name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171103-bgp", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt the BGP routing table, which could result in network instability. The vulnerability exists due to changes in the implementation of the BGP MPLS-Based Ethernet VPN RFC (RFC 7432) draft between IOS XE software releases. When the BGP Inclusive Multicast Ethernet Tag Route or BGP EVPN MAC/IP Advertisement Route update packet is received, it could be possible that the IP address length field is miscalculated. An attacker could exploit this vulnerability by sending a crafted BGP packet to an affected device after the BGP session was established. An exploit could allow the attacker to cause the affected device to reload or corrupt the BGP routing table; either outcome would result in a DoS. The vulnerability may be triggered when the router receives a crafted BGP message from a peer on an existing BGP session. This vulnerability affects all releases of Cisco IOS XE Software prior to software release 16.3 that support BGP EVPN configurations. If the device is not configured for EVPN, it is not vulnerable. Cisco Bug IDs: CSCui67191, CSCvg52875." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios:15.4\\(1\\)s:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*", "versionEndExcluding" : "16.3", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:1000_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:1100-4g\\/6g_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:1100-4g_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:1100-4gltegb_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:1100-4gltena_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:1100-4p_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:1100-6g_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:1100-8p_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:1100-lte_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:1100_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:1101-4p_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:1101_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:1109-2p_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:1109-4p_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:1109_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:1111x-8p_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:1111x_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:111x_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:1120_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:1131_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:1160_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:1801_integrated_service_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:1802_integrated_service_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:1803_integrated_service_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:1811_integrated_service_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:1812_integrated_service_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:1841_integrated_service_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:1861_integrated_service_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:1905_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:1906c_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:1921_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:1941_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:1941w_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:4000_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:422_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:4221_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:4321\\/k9-rf_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:4321\\/k9-ws_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:4321\\/k9_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:4321_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:4331\\/k9-rf_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:4331\\/k9-ws_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:4331\\/k9_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:4331_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:4351\\/k9-rf_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:4351\\/k9-ws_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:4351\\/k9_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:4351_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:4431_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:44461_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:4451-x_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:4451_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:4461_integrated_services_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:8101-32fh:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:8101-32h:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:8102-64h:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:8201:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:8201-32fh:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:8202:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:8208:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:8212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:8218:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:8800_12-slot:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:8800_18-slot:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:8800_4-slot:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:8800_8-slot:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:8804:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:8808:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:8812:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:8818:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:8831:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:9800-40:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:9800-80:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:9800-cl:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:9800-l:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_1000:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_1000-esp100:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_1000-esp100-x:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_1000-esp200-x:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_1000-x:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_1001:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_1001-hx:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_1001-hx_r:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_1001-x:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_1001-x_r:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_1002:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_1002-hx:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_1002-hx_r:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_1002-x:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_1002-x_r:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_1004:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_1006:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_1006-x:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_1009-x:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_1013:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_1023:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_900:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_901-12c-f-d:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_901-12c-ft-d:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_901-4c-f-d:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_901-4c-ft-d:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_901-6cz-f-a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_901-6cz-f-d:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_901-6cz-fs-a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_901-6cz-fs-d:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_901-6cz-ft-a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_901-6cz-ft-d:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_901s-2sg-f-ah:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_901s-2sg-f-d:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_901s-3sg-f-ah:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_901s-3sg-f-d:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_901s-4sg-f-d:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_902:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:asr_902u:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_8200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_8300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_8300-1n1s-4t2x:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_8300-1n1s-6t:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_8300-2n2s-4t2x:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_8300-2n2s-6t:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_8500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_8500-4qc:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_8500l:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_8510csr:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_8510msr:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_8540csr:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_8540msr:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9200cx:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9200l:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300-24p-a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300-24p-e:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300-24s-a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300-24s-e:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300-24t-a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300-24t-e:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300-24u-a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300-24u-e:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300-24ux-a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300-24ux-e:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300-48p-a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300-48p-e:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300-48s-a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300-48s-e:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300-48t-a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300-48t-e:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300-48u-a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300-48u-e:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300-48un-a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300-48un-e:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300-48uxm-a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300-48uxm-e:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300l:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300l-24p-4g-a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300l-24p-4g-e:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300l-24p-4x-a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300l-24p-4x-e:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300l-24t-4g-a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300l-24t-4g-e:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300l-24t-4x-a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300l-24t-4x-e:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300l-48p-4g-a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300l-48p-4g-e:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300l-48p-4x-a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300l-48p-4x-e:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300l-48t-4g-a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300l-48t-4g-e:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300l-48t-4x-a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300l-48t-4x-e:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300l_stack:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300lm:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9300x:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9400_supervisor_engine-1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9407r:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9410r:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9500h:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9600_supervisor_engine-1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9600x:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9800-40:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9800-80:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9800-cl:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9800-l:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9800-l-c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_9800-l-f:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_ie3200_rugged_switch:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:catalyst_ie3300_rugged_switch:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:cloud_services_router_1000v:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:esr-6300-con-k9:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:esr-6300-ncp-k9:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:integrated_services_virtual_router:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cisco:network_convergence_system_520:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.1 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-27T09:29Z", "lastModifiedDate" : "2025-01-27T19:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1233", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-863" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22011765", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22011765", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22011765", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22011765", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123912", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123912", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123912", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/123912", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Remote Control v9 could allow a local user to use the component to replace files to which he does not have write access and which he can cause to be executed with Local System or root privileges. IBM X-Force ID: 123912." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:bigfix_remote_control:9.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 6.7, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-31T15:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1237", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124355", "name" : "ibm-jazz-cve20171237-xss(124355)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124355", "name" : "ibm-jazz-cve20171237-xss(124355)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://www-prd-trops.events.ibm.com/node/715709", "name" : "https://www-prd-trops.events.ibm.com/node/715709", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://www-prd-trops.events.ibm.com/node/715709", "name" : "https://www-prd-trops.events.ibm.com/node/715709", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Jazz based applications are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124355." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0.0", "versionEndIncluding" : "6.0.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0.0", "versionEndIncluding" : "6.0.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0.0", "versionEndIncluding" : "6.0.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0.0", "versionEndIncluding" : "6.0.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0.0", "versionEndIncluding" : "6.0.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0.0", "versionEndIncluding" : "6.0.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-07-06T14:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12374", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "name" : "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "name" : "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://bugzilla.clamav.net/show_bug.cgi?id=11939", "name" : "https://bugzilla.clamav.net/show_bug.cgi?id=11939", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ] }, { "url" : "https://bugzilla.clamav.net/show_bug.cgi?id=11939", "name" : "https://bugzilla.clamav.net/show_bug.cgi?id=11939", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html", "name" : "[debian-lts-announce] 20180128 [SECURITY] [DLA 1261-1] clamav security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html", "name" : "[debian-lts-announce] 20180128 [SECURITY] [DLA 1261-1] clamav security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3550-1/", "name" : "USN-3550-1", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3550-1/", "name" : "USN-3550-1", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3550-2/", "name" : "USN-3550-2", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3550-2/", "name" : "USN-3550-2", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations (mbox.c operations on bounce messages). If successfully exploited, the ClamAV software could allow a variable pointing to the mail body which could cause a used after being free (use-after-free) instance which may lead to a disruption of services on an affected device to include a denial of service condition." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.99.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-26T20:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12375", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "name" : "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "name" : "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://bugzilla.clamav.net/show_bug.cgi?id=11940", "name" : "https://bugzilla.clamav.net/show_bug.cgi?id=11940", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ] }, { "url" : "https://bugzilla.clamav.net/show_bug.cgi?id=11940", "name" : "https://bugzilla.clamav.net/show_bug.cgi?id=11940", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html", "name" : "[debian-lts-announce] 20180128 [SECURITY] [DLA 1261-1] clamav security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html", "name" : "[debian-lts-announce] 20180128 [SECURITY] [DLA 1261-1] clamav security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3550-1/", "name" : "USN-3550-1", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3550-1/", "name" : "USN-3550-1", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3550-2/", "name" : "USN-3550-2", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3550-2/", "name" : "USN-3550-2", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing functions (the rfc2047 function in mbox.c). An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition on an affected device." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.99.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-26T20:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12376", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "name" : "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "name" : "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://bugzilla.clamav.net/show_bug.cgi?id=11942", "name" : "https://bugzilla.clamav.net/show_bug.cgi?id=11942", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ] }, { "url" : "https://bugzilla.clamav.net/show_bug.cgi?id=11942", "name" : "https://bugzilla.clamav.net/show_bug.cgi?id=11942", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html", "name" : "[debian-lts-announce] 20180128 [SECURITY] [DLA 1261-1] clamav security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html", "name" : "[debian-lts-announce] 20180128 [SECURITY] [DLA 1261-1] clamav security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3550-1/", "name" : "USN-3550-1", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3550-1/", "name" : "USN-3550-1", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3550-2/", "name" : "USN-3550-2", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3550-2/", "name" : "USN-3550-2", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted .pdf file to an affected device. This action could cause a handle_pdfname (in pdf.c) buffer overflow when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.99.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-26T20:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12377", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "name" : "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "name" : "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://bugzilla.clamav.net/show_bug.cgi?id=11943", "name" : "https://bugzilla.clamav.net/show_bug.cgi?id=11943", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.clamav.net/show_bug.cgi?id=11943", "name" : "https://bugzilla.clamav.net/show_bug.cgi?id=11943", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html", "name" : "[debian-lts-announce] 20180128 [SECURITY] [DLA 1261-1] clamav security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html", "name" : "[debian-lts-announce] 20180128 [SECURITY] [DLA 1261-1] clamav security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3550-1/", "name" : "USN-3550-1", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3550-1/", "name" : "USN-3550-1", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3550-2/", "name" : "USN-3550-2", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3550-2/", "name" : "USN-3550-2", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in mew packet files sent to an affected device. A successful exploit could cause a heap-based buffer over-read condition in mew.c when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code on the affected device." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.99.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-26T20:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12378", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "name" : "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "name" : "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://bugzilla.clamav.net/show_bug.cgi?id=11946", "name" : "https://bugzilla.clamav.net/show_bug.cgi?id=11946", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ] }, { "url" : "https://bugzilla.clamav.net/show_bug.cgi?id=11946", "name" : "https://bugzilla.clamav.net/show_bug.cgi?id=11946", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html", "name" : "[debian-lts-announce] 20180128 [SECURITY] [DLA 1261-1] clamav security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html", "name" : "[debian-lts-announce] 20180128 [SECURITY] [DLA 1261-1] clamav security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3550-1/", "name" : "USN-3550-1", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3550-1/", "name" : "USN-3550-1", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3550-2/", "name" : "USN-3550-2", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3550-2/", "name" : "USN-3550-2", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms of .tar (Tape Archive) files sent to an affected device. A successful exploit could cause a checksum buffer over-read condition when ClamAV scans the malicious .tar file, potentially allowing the attacker to cause a DoS condition on the affected device." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.99.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.1 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-26T20:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12379", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "name" : "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "name" : "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://bugzilla.clamav.net/show_bug.cgi?id=11944", "name" : "https://bugzilla.clamav.net/show_bug.cgi?id=11944", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.clamav.net/show_bug.cgi?id=11944", "name" : "https://bugzilla.clamav.net/show_bug.cgi?id=11944", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html", "name" : "[debian-lts-announce] 20180128 [SECURITY] [DLA 1261-1] clamav security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html", "name" : "[debian-lts-announce] 20180128 [SECURITY] [DLA 1261-1] clamav security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3550-1/", "name" : "USN-3550-1", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3550-1/", "name" : "USN-3550-1", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3550-2/", "name" : "USN-3550-2", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3550-2/", "name" : "USN-3550-2", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in the message parsing function on an affected system. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a messageAddArgument (in message.c) buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition or execute arbitrary code on an affected device." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.99.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-26T20:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1238", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201", "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201", "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124356", "name" : "ibm-rqm-cve20171238-xss(124356)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124356", "name" : "ibm-rqm-cve20171238-xss(124356)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124356." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.0", "versionEndIncluding" : "5.0.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0", "versionEndIncluding" : "6.0.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.0.0", "versionEndIncluding" : "6.0.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-07-06T14:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12380", "ASSIGNER" : "psirt@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "name" : "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "name" : "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://bugzilla.clamav.net/show_bug.cgi?id=11945", "name" : "https://bugzilla.clamav.net/show_bug.cgi?id=11945", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.clamav.net/show_bug.cgi?id=11945", "name" : "https://bugzilla.clamav.net/show_bug.cgi?id=11945", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html", "name" : "[debian-lts-announce] 20180128 [SECURITY] [DLA 1261-1] clamav security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html", "name" : "[debian-lts-announce] 20180128 [SECURITY] [DLA 1261-1] clamav security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3550-1/", "name" : "USN-3550-1", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3550-1/", "name" : "USN-3550-1", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3550-2/", "name" : "USN-3550-2", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3550-2/", "name" : "USN-3550-2", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms in mbox.c during certain mail parsing functions of the ClamAV software. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. An exploit could trigger a NULL pointer dereference condition when ClamAV scans the malicious email, which may result in a DoS condition." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.99.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-26T20:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1239", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201", "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201", "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124357", "name" : "ibm-rqm-cve20171239-info-disc(124357)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124357", "name" : "ibm-rqm-cve20171239-info-disc(124357)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124357." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.0", "versionEndIncluding" : "5.0.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0", "versionEndIncluding" : "6.0.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.0.0", "versionEndIncluding" : "6.0.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-06T14:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12410", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-362" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/541884/100/0/threaded", "name" : "20180322 Kaseya AgentMon.exe <= 9.3.0.11 - Local Privilege Escalation", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/541884/100/0/threaded", "name" : "20180322 Kaseya AgentMon.exe <= 9.3.0.11 - Local Privilege Escalation", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "It is possible to exploit a Time of Check & Time of Use (TOCTOU) vulnerability by winning a race condition when Kaseya Virtual System Administrator agent 9.3.0.11 and earlier tries to execute its binaries from working and/or temporary folders. Successful exploitation results in the execution of arbitrary programs with \"NT AUTHORITY\\SYSTEM\" privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:kaseya:virtual_system_administrator:*:*:*:*:*:*:*:*", "versionEndIncluding" : "9.3.0.11", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.4, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.4, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 6.9 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.4, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-26T21:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12412", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-835" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/cn-uofbasel/ccn-lite/issues/128", "name" : "https://github.com/cn-uofbasel/ccn-lite/issues/128", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/cn-uofbasel/ccn-lite/issues/128", "name" : "https://github.com/cn-uofbasel/ccn-lite/issues/128", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", "name" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", "name" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ccn-lite-ccnb2xml in CCN-lite before 2.0.0 allows context-dependent attackers to have unspecified impact via a crafted file, which triggers infinite recursion and a stack overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ccn-lite:ccn-lite:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-07T17:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12415", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugs.oxid-esales.com/view.php?id=6674", "name" : "https://bugs.oxid-esales.com/view.php?id=6674", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://bugs.oxid-esales.com/view.php?id=6674", "name" : "https://bugs.oxid-esales.com/view.php?id=6674", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://oxidforge.org/en/security-bulletin-2017-001.html", "name" : "https://oxidforge.org/en/security-bulletin-2017-001.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://oxidforge.org/en/security-bulletin-2017-001.html", "name" : "https://oxidforge.org/en/security-bulletin-2017-001.html", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "OXID eShop Community Edition before 6.0.0 RC2 (development), 4.10.x before 4.10.5 (maintenance), and 4.9.x before 4.9.10 (legacy), Enterprise Edition before 6.0.0 RC2 (development), 5.2.x before 5.2.10 (legacy), and 5.3.x before 5.3.5 (maintenance), and Professional Edition before 6.0.0 RC2 (development), 4.9.x before 4.9.10 (legacy) and 4.10.x before 4.10.5 (maintenance) allow remote attackers to hijack the cart session of a client via Cross-Site Request Forgery (CSRF) if the following pre-conditions are met: (1) the attacker knows which shop is presently used by the client, (2) the attacker knows the exact time when the customer will add product items to the cart, (3) the attacker knows which product items are already in the cart (has to know their article IDs), and (4) the attacker would be able to trick user into clicking a button (submit form) of an e-mail or remote site within the period of visiting the shop and placing an order." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oxid-esales:eshop:*:*:*:*:community:*:*:*", "versionStartIncluding" : "4.10.0", "versionEndExcluding" : "4.10.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oxid-esales:eshop:*:*:*:*:community:*:*:*", "versionStartIncluding" : "4.9.0", "versionEndExcluding" : "4.9.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oxid-esales:eshop:6.0.0:rc1:*:*:community:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oxid-esales:eshop:*:*:*:*:professional:*:*:*", "versionStartIncluding" : "4.10.0", "versionEndExcluding" : "4.10.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oxid-esales:eshop:*:*:*:*:professional:*:*:*", "versionStartIncluding" : "4.9.0", "versionEndExcluding" : "4.9.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oxid-esales:eshop:6.0.0:rc1:*:*:professional:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oxid-esales:eshop:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "5.3.0", "versionEndExcluding" : "5.3.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oxid-esales:eshop:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "5.2.0", "versionEndExcluding" : "5.2.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oxid-esales:eshop:6.0.0:rc1:*:*:enterprise:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.6, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:H/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 5.1 }, "severity" : "MEDIUM", "exploitabilityScore" : 4.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-20T23:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1242", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201", "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201", "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124524", "name" : "ibm-rqm-cve20171242-html-injection(124524)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124524", "name" : "ibm-rqm-cve20171242-html-injection(124524)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124524." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.0", "versionEndIncluding" : "5.0.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0", "versionEndIncluding" : "6.0.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.0.0", "versionEndIncluding" : "6.0.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-07-06T14:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12447", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=785979", "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=785979", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.gnome.org/show_bug.cgi?id=785979", "name" : "https://bugzilla.gnome.org/show_bug.cgi?id=785979", "refsource" : "", "tags" : [ "Exploit", "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://github.com/hackerlib/hackerlib-vul/tree/master/gnome", "name" : "https://github.com/hackerlib/hackerlib-vul/tree/master/gnome", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/hackerlib/hackerlib-vul/tree/master/gnome", "name" : "https://github.com/hackerlib/hackerlib-vul/tree/master/gnome", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3912-1/", "name" : "USN-3912-1", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3912-1/", "name" : "USN-3912-1", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial of service (stack corruption) or possibly have unspecified other impact via a crafted file folder." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:gdk-pixbuf:2.32.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gnome:nautilus:3.14.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-03-07T23:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12463", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-772" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/cn-uofbasel/ccn-lite/issues/129", "name" : "https://github.com/cn-uofbasel/ccn-lite/issues/129", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/cn-uofbasel/ccn-lite/issues/129", "name" : "https://github.com/cn-uofbasel/ccn-lite/issues/129", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Memory leak in the ccnl_app_RX function in ccnl-uapi.c in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (memory consumption) via vectors involving an envelope_s structure pointer when the packet format is unknown." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ccn-lite:ccn-lite:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-07T17:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12464", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/cn-uofbasel/ccn-lite/issues/130", "name" : "https://github.com/cn-uofbasel/ccn-lite/issues/130", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/cn-uofbasel/ccn-lite/issues/130", "name" : "https://github.com/cn-uofbasel/ccn-lite/issues/130", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", "name" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", "name" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ccn-lite-valid.c in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via vectors involving the keyfile variable." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ccn-lite:ccn-lite:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-07T17:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12465", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/cn-uofbasel/ccn-lite/issues/131", "name" : "https://github.com/cn-uofbasel/ccn-lite/issues/131", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/cn-uofbasel/ccn-lite/issues/131", "name" : "https://github.com/cn-uofbasel/ccn-lite/issues/131", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", "name" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", "name" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple integer overflows in CCN-lite before 2.00 allow context-dependent attackers to have unspecified impact via vectors involving the (1) vallen variable in the iottlv_parse_sequence function or (2) typ, vallen and i variables in the localrpc_parse function." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ccn-lite:ccn-lite:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-07T17:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12466", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/cn-uofbasel/ccn-lite/issues/132", "name" : "https://github.com/cn-uofbasel/ccn-lite/issues/132", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/cn-uofbasel/ccn-lite/issues/132", "name" : "https://github.com/cn-uofbasel/ccn-lite/issues/132", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", "name" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", "name" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors related to ssl_halen when running ccn-lite-sim, which trigger an out-of-bounds access." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ccn-lite:ccn-lite:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-07T17:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12467", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-772" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/cn-uofbasel/ccn-lite/issues/133", "name" : "https://github.com/cn-uofbasel/ccn-lite/issues/133", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/cn-uofbasel/ccn-lite/issues/133", "name" : "https://github.com/cn-uofbasel/ccn-lite/issues/133", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", "name" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", "name" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Memory leak in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service (memory consumption) by leveraging failure to allocate memory for the comp or complen structure member." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ccn-lite:ccn-lite:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-07T17:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12468", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/cn-uofbasel/ccn-lite/issues/134", "name" : "https://github.com/cn-uofbasel/ccn-lite/issues/134", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/cn-uofbasel/ccn-lite/issues/134", "name" : "https://github.com/cn-uofbasel/ccn-lite/issues/134", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", "name" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", "name" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in ccn-lite-ccnb2xml.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors involving the vallen and len variables." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ccn-lite:ccn-lite:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-07T17:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12469", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/cn-uofbasel/ccn-lite/issues/135", "name" : "https://github.com/cn-uofbasel/ccn-lite/issues/135", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/cn-uofbasel/ccn-lite/issues/135", "name" : "https://github.com/cn-uofbasel/ccn-lite/issues/135", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", "name" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", "name" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in util/ccnl-common.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging incorrect memory allocation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ccn-lite:ccn-lite:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-07T17:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12470", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/cn-uofbasel/ccn-lite/issues/136", "name" : "https://github.com/cn-uofbasel/ccn-lite/issues/136", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/cn-uofbasel/ccn-lite/issues/136", "name" : "https://github.com/cn-uofbasel/ccn-lite/issues/136", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Integer overflow in the ndn_parse_sequence function in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact via vectors involving the typ and vallen variables." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ccn-lite:ccn-lite:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-07T17:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12471", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/cn-uofbasel/ccn-lite/issues/137", "name" : "https://github.com/cn-uofbasel/ccn-lite/issues/137", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/cn-uofbasel/ccn-lite/issues/137", "name" : "https://github.com/cn-uofbasel/ccn-lite/issues/137", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", "name" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", "name" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The cnb_parse_lev function in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging failure to check for out-of-bounds conditions, which triggers an invalid read in the hexdump function." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ccn-lite:ccn-lite:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-07T17:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12472", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/cn-uofbasel/ccn-lite/issues/138", "name" : "https://github.com/cn-uofbasel/ccn-lite/issues/138", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/cn-uofbasel/ccn-lite/issues/138", "name" : "https://github.com/cn-uofbasel/ccn-lite/issues/138", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", "name" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", "name" : "https://github.com/cn-uofbasel/ccn-lite/releases/tag/2.0.0", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ccnl-ext-mgmt.c in CCN-lite before 2.00 allows context-dependent attackers to have unspecified impact by leveraging missing NULL pointer checks after ccnl_malloc." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ccn-lite:ccn-lite:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-07T17:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12473", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/cn-uofbasel/ccn-lite/issues/139", "name" : "https://github.com/cn-uofbasel/ccn-lite/issues/139", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/cn-uofbasel/ccn-lite/issues/139", "name" : "https://github.com/cn-uofbasel/ccn-lite/issues/139", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ccnl_ccntlv_bytes2pkt in CCN-lite allows context-dependent attackers to cause a denial of service (application crash) via vectors involving packets with \"wrong L values.\"" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ccn-lite:ccn-lite:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.0.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-07T17:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1248", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201", "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201", "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124628", "name" : "ibm-rqm-cve20171248-html-injection(124628)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124628", "name" : "ibm-rqm-cve20171248-html-injection(124628)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124628." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.0", "versionEndIncluding" : "5.0.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0", "versionEndIncluding" : "6.0.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.0.0", "versionEndIncluding" : "6.0.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-07-06T14:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12487", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12488", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12489", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12490", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12491", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12492", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12493", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12494", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12495", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12496", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12497", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12498", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12499", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1250", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124630", "name" : "ibm-rqm-cve20171250-xss(124630)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124630", "name" : "ibm-rqm-cve20171250-xss(124630)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://www-prd-trops.events.ibm.com/node/715749", "name" : "https://www-prd-trops.events.ibm.com/node/715749", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://www-prd-trops.events.ibm.com/node/715749", "name" : "https://www-prd-trops.events.ibm.com/node/715749", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force 124630." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-07-03T19:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12500", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/44648/", "name" : "44648", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/44648/", "name" : "44648", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12501", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12502", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12503", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12504", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12505", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12506", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12507", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Technical Description", "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Technical Description", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12508", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12509", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12510", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12511", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12512", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12513", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12514", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12515", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12516", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12517", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12518", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12519", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12520", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:*:*:*:*:*:*:*:*", "versionEndIncluding" : "7.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12521", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12522", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12523", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12524", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12525", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12526", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12527", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12528", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12529", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12530", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12531", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12532", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12533", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12534", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12535", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12536", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12537", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12538", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12539", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12540", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12541", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100367", "name" : "100367", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039152", "name" : "1039152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12542", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100467", "name" : "100467", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100467", "name" : "100467", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039222", "name" : "1039222", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039222", "name" : "1039222", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03769en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03769en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03769en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03769en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/44005/", "name" : "44005", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/44005/", "name" : "44005", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 was found." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:integrated_lights-out_4_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.53", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:hp:integrated_lights-out_4:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 10.0, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 6.0 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12543", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101944", "name" : "101944", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101944", "name" : "101944", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03705en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03705en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03705en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03705en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A remote disclosure of information vulnerability in Moonshot Remote Console Administrator Prior to 2.50, iLO4 prior to v2.53, iLO3 prior to v1.89 and iLO2 prior to v2.30 was found." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:moonshot_remote_console_administrator:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.50", "cpe_name" : [ ] } ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:integrated_lights-out_2_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.30", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:integrated_lights-out_3_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.89", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:hp:integrated_lights-out_4_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.53", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:hp:integrated_lights-out:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12544", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101029", "name" : "101029", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101029", "name" : "101029", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039437", "name" : "1039437", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039437", "name" : "1039437", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A cross-site scripting vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7.6.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12545", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101029", "name" : "101029", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101029", "name" : "101029", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039437", "name" : "1039437", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039437", "name" : "1039437", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.tenable.com/security/research/tra-2017-30", "name" : "https://www.tenable.com/security/research/tra-2017-30", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.tenable.com/security/research/tra-2017-30", "name" : "https://www.tenable.com/security/research/tra-2017-30", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A remote denial of service vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7.6.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12546", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101029", "name" : "101029", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101029", "name" : "101029", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039437", "name" : "1039437", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039437", "name" : "1039437", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A local buffer overflow vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7.6.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.6, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.3, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:H/Au:S/C:C/I:C/A:N", "accessVector" : "LOCAL", "accessComplexity" : "HIGH", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "NONE", "baseScore" : 5.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 1.5, "impactScore" : 9.2, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12547", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101029", "name" : "101029", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101029", "name" : "101029", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039437", "name" : "1039437", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039437", "name" : "1039437", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7.6.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 5.6, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.3, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:H/Au:S/C:N/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "HIGH", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 5.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 1.5, "impactScore" : 9.2, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12548", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101029", "name" : "101029", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101029", "name" : "101029", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039437", "name" : "1039437", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039437", "name" : "1039437", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A local arbitrary command execution vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7.6.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 5.6, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.3, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:H/Au:S/C:N/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "HIGH", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 5.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 1.5, "impactScore" : 9.2, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12549", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101029", "name" : "101029", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101029", "name" : "101029", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039437", "name" : "1039437", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039437", "name" : "1039437", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7.6.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 5.6, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.3, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:H/Au:S/C:C/I:C/A:N", "accessVector" : "LOCAL", "accessComplexity" : "HIGH", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "NONE", "baseScore" : 5.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 1.5, "impactScore" : 9.2, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1255", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-326" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22014537", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22014537", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22014537", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22014537", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124675", "name" : "ibm-guardium-cve20171255-info-disc(124675)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124675", "name" : "ibm-guardium-cve20171255-info-disc(124675)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 124675." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_guardium:10.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_guardium:10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_guardium:10.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_guardium:10.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_guardium:10.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_guardium:10.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-02T13:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12550", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101029", "name" : "101029", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101029", "name" : "101029", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039437", "name" : "1039437", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039437", "name" : "1039437", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A local security misconfiguration vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7.6.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 5.6, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.3, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:H/Au:S/C:N/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "HIGH", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 5.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 1.5, "impactScore" : 9.2, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12551", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101029", "name" : "101029", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101029", "name" : "101029", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039437", "name" : "1039437", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039437", "name" : "1039437", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7.6.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 5.6, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.3, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:H/Au:S/C:N/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "HIGH", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 5.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 1.5, "impactScore" : 9.2, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12552", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101029", "name" : "101029", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101029", "name" : "101029", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039437", "name" : "1039437", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039437", "name" : "1039437", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7.6.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 5.6, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.3, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:H/Au:S/C:N/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "HIGH", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 5.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 1.5, "impactScore" : 9.2, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12553", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101029", "name" : "101029", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101029", "name" : "101029", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039437", "name" : "1039437", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039437", "name" : "1039437", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A local authentication bypass vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7.6.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.6, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.3, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:H/Au:S/C:C/I:C/A:N", "accessVector" : "LOCAL", "accessComplexity" : "HIGH", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "NONE", "baseScore" : 5.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 1.5, "impactScore" : 9.2, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12554", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securitytracker.com/id/1039495", "name" : "1039495", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039495", "name" : "1039495", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03782en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03782en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03782en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03782en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A remote code execution vulnerability in HPE intelligent Management Center (iMC) PLAT iMC Plat 7.3 E0504P2 and earlier was found." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:*:*:*:*:*:*:*:*", "versionEndIncluding" : "7.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504p2:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12555", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securitytracker.com/id/1039496", "name" : "1039496", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039496", "name" : "1039496", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03776en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03776en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03776en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03776en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.tenable.com/security/research/tra-2017-27", "name" : "https://www.tenable.com/security/research/tra-2017-27", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.tenable.com/security/research/tra-2017-27", "name" : "https://www.tenable.com/security/research/tra-2017-27", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A remote arbitrary file download and disclosure of information vulnerability in HPE Intelligent Management Center (iMC) Service Operation Management (SOM) version IMC SOM 7.3 E0501 was found." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0501:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12556", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-502" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101152", "name" : "101152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101152", "name" : "101152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039495", "name" : "1039495", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039495", "name" : "1039495", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03778en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03778en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03778en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03778en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:*:*:*:*:*:*:*:*", "versionEndIncluding" : "7.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504p2:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12557", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-502" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101152", "name" : "101152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101152", "name" : "101152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039495", "name" : "1039495", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039495", "name" : "1039495", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03778en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03778en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03778en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03778en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/45952/", "name" : "45952", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/45952/", "name" : "45952", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:*:*:*:*:*:*:*:*", "versionEndIncluding" : "7.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504p2:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12558", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-502" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101152", "name" : "101152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101152", "name" : "101152", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039495", "name" : "1039495", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039495", "name" : "1039495", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03778en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03778en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03778en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03778en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:*:*:*:*:*:*:*:*", "versionEndIncluding" : "7.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504p2:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12559", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securitytracker.com/id/1039495", "name" : "1039495", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039495", "name" : "1039495", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03777en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03777en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03777en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03777en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Denial of Service vulnerability in HPE Intelligent Management Center (iMC) PLAT version iMC Plat 7.3 E0504P2 was found." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504p02:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12560", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securitytracker.com/id/1039495", "name" : "1039495", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039495", "name" : "1039495", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03777en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03777en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03777en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03777en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Remote Denial of Service vulnerability in HPE Intelligent Management Center (iMC) PLAT version iMC Plat 7.3 E0504P2 was found." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504p02:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12561", "ASSIGNER" : "security-alert@hpe.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-824" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securitytracker.com/id/1039495", "name" : "1039495", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039495", "name" : "1039495", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03781en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03781en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03781en_us", "name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03781en_us", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A remote code execution vulnerability in HPE intelligent Management Center (iMC) PLAT version Plat 7.3 E0504P4 and earlier was found." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:*:*:*:*:*:*:*:*", "versionEndIncluding" : "7.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hp:intelligent_management_center:7.3:e0504p4:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12573", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/fulldisclosure/2018/Aug/29", "name" : "20180821 CVE-2017-12573: command injection in PLANEX CS-W50HD", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2018/Aug/29", "name" : "20180821 CVE-2017-12573: command injection in PLANEX CS-W50HD", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page \"/cgi-bin/nasset.cgi\". An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is required before executing the attack." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:planex:cs-w50hd_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "030720", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:planex:cs-w50hd:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-24T19:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12574", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-798" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/fulldisclosure/2018/Aug/25", "name" : "20180821 CVE-2017-12574: Hardcode credential in PLANEX CS-W50HD", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2018/Aug/25", "name" : "20180821 CVE-2017-12574: Hardcode credential in PLANEX CS-W50HD", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential \"supervisor:dangerous\" was injected into web authentication database \"/.htpasswd\" during booting process, which allows attackers to gain unauthorized access and control the device completely; the account can't be modified or deleted." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:planex:cs-w50hd_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "030720", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:planex:cs-w50hd:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-24T19:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12575", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-306" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://jvn.jp/en/jp/JVN38248512/index.html", "name" : "JVN#38248512", "refsource" : "", "tags" : [ ] }, { "url" : "http://jvn.jp/en/jp/JVN38248512/index.html", "name" : "JVN#38248512", "refsource" : "", "tags" : [ ] }, { "url" : "http://seclists.org/fulldisclosure/2018/Aug/26", "name" : "20180821 CVE-2017-12575: information leakage in NEC Aterm WG2600HP2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2018/Aug/26", "name" : "20180821 CVE-2017-12575: information leakage in NEC Aterm WG2600HP2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered on the NEC Aterm WG2600HP2 1.0.2. The router has a set of web service APIs for access to and setup of the configuration. Some APIs don't require authentication. An attacker could exploit this vulnerability by sending a crafted HTTP request to retrieve DHCP clients, firmware version, and network status (ex.: curl -X http://[IP]/aterm_httpif.cgi/negotiate -d \"REQ_ID=SUPPORT_IF_GET\")." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:aterm:wg2600hp2_firmware:1.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:aterm:wg2600hp2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-24T19:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12576", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-668" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/fulldisclosure/2018/Aug/27", "name" : "20180821 CVE-2017-12576: an hidden management page in PLANEX CS-QR20", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2018/Aug/27", "name" : "20180821 CVE-2017-12576: an hidden management page in PLANEX CS-QR20", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly (/admin/system_command.asp), you can execute any command." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:planex:cs-qr20_firmware:1.30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:planex:cs-qr20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-24T19:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12577", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-798" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/fulldisclosure/2018/Aug/28", "name" : "20180821 CVE-2017-12577: an hardcode credential in PLANEX CS-QR20", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2018/Aug/28", "name" : "20180821 CVE-2017-12577: an hardcode credential in PLANEX CS-QR20", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password (\"admin:password\") is used in the Android application that allows attackers to use a hidden API URL \"/goform/SystemCommand\" to execute any command with root permission." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:planex:cs-qr20_firmware:1.30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:planex:cs-qr20:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:planex:smacam_night_vision:-:*:*:*:*:android:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-24T19:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12580", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-426" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.microsoft.com/en-us/help/2389418/secure-loading-of-libraries-to-prevent-dll-preloading-attacks", "name" : "https://support.microsoft.com/en-us/help/2389418/secure-loading-of-libraries-to-prevent-dll-preloading-attacks", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://support.microsoft.com/en-us/help/2389418/secure-loading-of-libraries-to-prevent-dll-preloading-attacks", "name" : "https://support.microsoft.com/en-us/help/2389418/secure-loading-of-libraries-to-prevent-dll-preloading-attacks", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://www.fortiguard.com/zeroday/FG-VD-17-089", "name" : "https://www.fortiguard.com/zeroday/FG-VD-17-089", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.fortiguard.com/zeroday/FG-VD-17-089", "name" : "https://www.fortiguard.com/zeroday/FG-VD-17-089", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in IDM UltraEdit through 24.10.0.32. To exploit the vulnerability, on unpatched Windows systems, an attacker could include in the same directory as the affected executable a DLL using the name of a Windows DLL. This DLL must be preloaded by the executable (for example, \"ntmarta.dll\"). When the installer EXE is executed by the user, the DLL located in the EXE's current directory will be loaded instead of the Windows DLL, allowing the attacker to run arbitrary code on the affected system." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ultraedit:ultraedit:*:*:*:*:*:*:*:*", "versionEndIncluding" : "24.10.0.32", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 6.9 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.4, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2020-03-02T16:15Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12590", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://iscouncil.blogspot.com/2018/03/asus-rt-n14uhp-cross-site-scripting.html", "name" : "https://iscouncil.blogspot.com/2018/03/asus-rt-n14uhp-cross-site-scripting.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://iscouncil.blogspot.com/2018/03/asus-rt-n14uhp-cross-site-scripting.html", "name" : "https://iscouncil.blogspot.com/2018/03/asus-rt-n14uhp-cross-site-scripting.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ASUS RT-N14UHP devices before 3.0.0.4.380.8015 have a reflected XSS vulnerability in the \"flag\" parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:asus:rt-n14uhp_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.0.0.4.380.8015", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:asus:rt-n14uhp:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-03-16T14:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12609", "ASSIGNER" : "security@apache.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-02-19T16:29Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12610", "ASSIGNER" : "security@apache.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/104899", "name" : "104899", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/104899", "name" : "104899", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", "name" : "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E", "name" : "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", "name" : "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E", "name" : "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/b6157be1a09df332294213bd21e90dcf9fe4c1810193be54620e4210%40%3Cusers.kafka.apache.org%3E", "name" : "[kafka-users] 20180726 CVE-2017-12610: Authenticated Kafka clients may impersonate other users", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/b6157be1a09df332294213bd21e90dcf9fe4c1810193be54620e4210%40%3Cusers.kafka.apache.org%3E", "name" : "[kafka-users] 20180726 CVE-2017-12610: Authenticated Kafka clients may impersonate other users", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", "name" : "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E", "name" : "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.oracle.com/security-alerts/cpujul2020.html", "name" : "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.oracle.com/security-alerts/cpujul2020.html", "name" : "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication when using the built-in PLAIN or SCRAM server implementations in Apache Kafka." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:kafka:*:*:*:*:*:*:*:*", "versionStartIncluding" : "0.10.0.0", "versionEndIncluding" : "0.10.2.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:kafka:*:*:*:*:*:*:*:*", "versionStartIncluding" : "0.11.0.0", "versionEndIncluding" : "0.11.0.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.6, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.9 }, "severity" : "MEDIUM", "exploitabilityScore" : 6.8, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-26T14:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12614", "ASSIGNER" : "security@apache.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.apache.org/thread.html/2c72480c76619c5e7793f0d213c34082f0598eaa4d212172f068940f%40%3Cdev.airflow.apache.org%3E", "name" : "[dev] 20180806 CVE-2017-12614 XSS Vulnerability in Airflow < 1.9", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/2c72480c76619c5e7793f0d213c34082f0598eaa4d212172f068940f%40%3Cdev.airflow.apache.org%3E", "name" : "[dev] 20180806 CVE-2017-12614 XSS Vulnerability in Airflow < 1.9", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "It was noticed an XSS in certain 404 pages that could be exploited to perform an XSS attack. Chrome will detect this as a reflected XSS attempt and prevent the page from loading. Firefox and other browsers don't, and are vulnerable to this attack. Mitigation: The fix for this is to upgrade to Apache Airflow 1.9.0 or above." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.9.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-08-06T13:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12619", "ASSIGNER" : "security@apache.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-384" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2019/04/23/1", "name" : "[oss-security] 20190423 Issues fixed in previous releases of Apache Zeppelin 0.7.3 and 0.8.0 (CVE-2017-12619 CVE-2018-1317 CVE-2018-1328)", "refsource" : "", "tags" : [ "Mailing List", "Release Notes", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2019/04/23/1", "name" : "[oss-security] 20190423 Issues fixed in previous releases of Apache Zeppelin 0.7.3 and 0.8.0 (CVE-2017-12619 CVE-2018-1317 CVE-2018-1328)", "refsource" : "", "tags" : [ "Mailing List", "Release Notes", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/108050", "name" : "108050", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/108050", "name" : "108050", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://lists.apache.org/thread.html/ff6b995a5a3ba8db4d6b14b4d9dd487e7bf2e3bdd5b375b64a25fd06%40%3Cusers.zeppelin.apache.org%3E", "name" : "[zeppelin-users] 20190423 Issues fixed in previous releases of Apache Zeppelin 0.7.3 and 0.8.0 (CVE-2017-12619 CVE-2018-1317 CVE-2018-1328)", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/ff6b995a5a3ba8db4d6b14b4d9dd487e7bf2e3bdd5b375b64a25fd06%40%3Cusers.zeppelin.apache.org%3E", "name" : "[zeppelin-users] 20190423 Issues fixed in previous releases of Apache Zeppelin 0.7.3 and 0.8.0 (CVE-2017-12619 CVE-2018-1317 CVE-2018-1328)", "refsource" : "", "tags" : [ ] }, { "url" : "https://zeppelin.apache.org/releases/zeppelin-release-0.7.3.html", "name" : "https://zeppelin.apache.org/releases/zeppelin-release-0.7.3.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://zeppelin.apache.org/releases/zeppelin-release-0.7.3.html", "name" : "https://zeppelin.apache.org/releases/zeppelin-release-0.7.3.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to hijack a valid user session. Issue was reported by \"stone lone\"." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:zeppelin:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.7.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-04-23T15:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12622", "ASSIGNER" : "security@apache.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.apache.org/thread.html/560578479dabbdc93d0ee8746b7c857549202ef82f43aa22496aa589%40%3Cuser.geode.apache.org%3E", "name" : "[user] 20180109 [SECURITY] CVE-2017-12622 Apache Geode gfsh authorization vulnerability", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/560578479dabbdc93d0ee8746b7c857549202ef82f43aa22496aa589%40%3Cuser.geode.apache.org%3E", "name" : "[user] 20180109 [SECURITY] CVE-2017-12622 Apache Geode gfsh authorization vulnerability", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "When an Apache Geode cluster before v1.3.0 is operating in secure mode and an authenticated user connects to a Geode cluster using the gfsh tool with HTTP, the user is able to obtain status information and control cluster members even without CLUSTER:MANAGE privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:geode:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.3.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 7.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 4.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-10T03:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12626", "ASSIGNER" : "security@apache.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-835" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102879", "name" : "102879", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102879", "name" : "102879", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:1322", "name" : "RHSA-2018:1322", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:1322", "name" : "RHSA-2018:1322", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/453d9af5dbabaccd9afb58d27279a9dbfe8e35f4e5ea1645ddd6960b%40%3Cdev.poi.apache.org%3E", "name" : "[dev] 20180126 CVE-2017-12626 - Denial of Service Vulnerabilities in Apache POI < 3.17", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/453d9af5dbabaccd9afb58d27279a9dbfe8e35f4e5ea1645ddd6960b%40%3Cdev.poi.apache.org%3E", "name" : "[dev] 20180126 CVE-2017-12626 - Denial of Service Vulnerabilities in Apache POI < 3.17", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E", "name" : "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E", "name" : "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.oracle.com/security-alerts/cpuapr2020.html", "name" : "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.oracle.com/security-alerts/cpuapr2020.html", "name" : "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.oracle.com/security-alerts/cpuApr2021.html", "name" : "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.oracle.com/security-alerts/cpuApr2021.html", "name" : "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.oracle.com/security-alerts/cpujan2020.html", "name" : "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.oracle.com/security-alerts/cpujan2020.html", "name" : "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.oracle.com/security-alerts/cpujan2021.html", "name" : "https://www.oracle.com/security-alerts/cpujan2021.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.oracle.com/security-alerts/cpujan2021.html", "name" : "https://www.oracle.com/security-alerts/cpujan2021.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.oracle.com/security-alerts/cpujul2020.html", "name" : "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.oracle.com/security-alerts/cpujul2020.html", "name" : "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.oracle.com/security-alerts/cpuoct2020.html", "name" : "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.oracle.com/security-alerts/cpuoct2020.html", "name" : "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "name" : "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "name" : "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:poi:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.17", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-29T17:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12627", "ASSIGNER" : "security@apache.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/oss-sec/2018/q1/203", "name" : "[oss-security] 20180301 Apache Xerces-C Security Advisory for versions < 3.2.1 [CVE-2017-12627]", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2018/q1/203", "name" : "[oss-security] 20180301 Apache Xerces-C Security Advisory for versions < 3.2.1 [CVE-2017-12627]", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/103219", "name" : "103219", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103219", "name" : "103219", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt", "name" : "http://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt", "name" : "http://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", "refsource" : "", "tags" : [ ] }, { "url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", "name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10365", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00032.html", "name" : "[debian-lts-announce] 20180329 [SECURITY] [DLA 1328-1] xerces-c security update", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00032.html", "name" : "[debian-lts-announce] 20180329 [SECURITY] [DLA 1328-1] xerces-c security update", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:xerces-c\\+\\+:*:*:*:*:*:*:*:*", "versionEndExcluding" : "3.2.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-01T14:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12632", "ASSIGNER" : "security@apache.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://nifi.apache.org/security.html#CVE-2017-12632", "name" : "https://nifi.apache.org/security.html#CVE-2017-12632", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://nifi.apache.org/security.html#CVE-2017-12632", "name" : "https://nifi.apache.org/security.html#CVE-2017-12632", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A malicious host header in an incoming HTTP request could cause NiFi to load resources from an external server. The fix to sanitize host headers and compare to a controlled whitelist was applied on the Apache NiFi 1.5.0 release. Users running a prior 1.x release should upgrade to the appropriate release." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.4.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-23T22:29Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1265", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-295" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/106234", "name" : "106234", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/106234", "name" : "106234", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124740", "name" : "ibm-guardium-cve20171265-auth-bypass(124740)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124740", "name" : "ibm-guardium-cve20171265-auth-bypass(124740)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://www.ibm.com/support/docview.wss?uid=swg22014229", "name" : "https://www.ibm.com/support/docview.wss?uid=swg22014229", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.ibm.com/support/docview.wss?uid=swg22014229", "name" : "https://www.ibm.com/support/docview.wss?uid=swg22014229", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Security Guardium 10.0, 10.0.1, 10.1, 10.1.2, 10.1.3, 10.1.4, and 10.5 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) techniques. IBM X-Force ID: 124740." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_guardium:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.0", "versionEndIncluding" : "10.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-12-17T16:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12652", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/109269", "name" : "109269", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/109269", "name" : "109269", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE", "name" : "https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE", "name" : "https://github.com/glennrp/libpng/blob/df7e9dae0c4aac63d55361e35709c864fa1b8363/ANNOUNCE", "refsource" : "", "tags" : [ "Release Notes", "Third Party Advisory" ] }, { "url" : "https://security.netapp.com/advisory/ntap-20220506-0003/", "name" : "https://security.netapp.com/advisory/ntap-20220506-0003/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security.netapp.com/advisory/ntap-20220506-0003/", "name" : "https://security.netapp.com/advisory/ntap-20220506-0003/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://support.f5.com/csp/article/K88124225", "name" : "https://support.f5.com/csp/article/K88124225", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://support.f5.com/csp/article/K88124225", "name" : "https://support.f5.com/csp/article/K88124225", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://support.f5.com/csp/article/K88124225?utm_source=f5support&%3Butm_medium=RSS", "name" : "https://support.f5.com/csp/article/K88124225?utm_source=f5support&%3Butm_medium=RSS", "refsource" : "", "tags" : [ ] }, { "url" : "https://support.f5.com/csp/article/K88124225?utm_source=f5support&%3Butm_medium=RSS", "name" : "https://support.f5.com/csp/article/K88124225?utm_source=f5support&%3Butm_medium=RSS", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "libpng before 1.6.32 does not properly check the length of chunks against the user limit." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.6.32", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-07-10T15:15Z", "lastModifiedDate" : "2024-11-21T03:09Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1268", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-310" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/106339", "name" : "106339", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/106339", "name" : "106339", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124743", "name" : "ibm-guardium-cve20171268-info-disc(124743)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124743", "name" : "ibm-guardium-cve20171268-info-disc(124743)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10737077", "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10737077", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10737077", "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10737077", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Security Guardium 10 and 10.5 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not also use a salt as part of the input. IBM X-Force ID: 124743." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_guardium:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.0", "versionEndIncluding" : "10.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-12-13T16:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12695", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102481", "name" : "102481", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102481", "name" : "102481", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-04", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-04", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-04", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-04", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An Improper Authentication issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow an attacker to subvert security mechanisms and reset a user account password." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gm:shanghai_onstar:7.1:*:*:*:*:iphone_os:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-09T21:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12697", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102481", "name" : "102481", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102481", "name" : "102481", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-04", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-04", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-04", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-04", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Man-in-the-Middle issue was discovered in General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client 7.1. Successful exploitation of this vulnerability may allow an attacker to intercept sensitive information when the client connects to the server." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gm:shanghai_onstar:7.1:*:*:*:*:iphone_os:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-09T21:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12701", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100354", "name" : "100354", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100354", "name" : "100354", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-227-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-227-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-227-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-227-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "BMC Medical Luna CPAP Machines released prior to July 1, 2017, contain an improper input validation vulnerability which may allow an authenticated attacker to crash the CPAP's Wi-Fi module resulting in a denial-of-service condition." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:cpap:luna_cpap_machine_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "20170701", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:cpap:luna_cpap_machine:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-17T14:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12712", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100523", "name" : "100523", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100523", "name" : "100523", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The authentication algorithm in Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017, which involves an authentication key and time stamp, can be compromised or bypassed, which may allow a nearby attacker to issue unauthorized commands to the pacemaker via RF communications. CVSS v3 base score: 7.5, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:abbott:accent_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "f0b.0e.7e", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:abbott:accent:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:abbott:anthem_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "f0b.0e.7e", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:abbott:anthem:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:abbott:accent_mri_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "f10.08.6c", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:abbott:accent_mri:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:abbott:accent_st_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "f10.08.6c", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:abbott:accent_st:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:abbott:assurity_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "f14.07.80", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:abbott:assurity:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:abbott:allure_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "f14.07.80", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:abbott:allure:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:abbott:assurity_mri_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "f17.01.49", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:abbott:assurity_mri:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:A/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "ADJACENT_NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 8.3 }, "severity" : "HIGH", "exploitabilityScore" : 6.5, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-25T13:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12714", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-920" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100523", "name" : "100523", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100523", "name" : "100523", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the number of correctly formatted \"RF wake-up\" commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life. CVSS v3 base score: 5.3, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:abbott:accent_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "f0b.0e.7e", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:abbott:accent:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:abbott:anthem_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "f0b.0e.7e", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:abbott:anthem:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:abbott:accent_mri_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "f10.08.6c", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:abbott:accent_mri:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:abbott:accent_st_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "f10.08.6c", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:abbott:accent_st:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:abbott:assurity_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "f14.07.80", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:abbott:assurity:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:abbott:allure_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "f14.07.80", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:abbott:allure:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:abbott:assurity_mri_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "f17.01.49", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:abbott:assurity_mri:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:A/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "ADJACENT_NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 6.1 }, "severity" : "MEDIUM", "exploitabilityScore" : 6.5, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-25T13:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12716", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-319" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100523", "name" : "100523", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100523", "name" : "100523", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption. CVSS v3 base score: 3.1, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. Abbott has developed a firmware update to help mitigate the identified vulnerabilities." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:abbott:accent_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "f0b.0e.7e", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:abbott:accent:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:abbott:anthem_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "f0b.0e.7e", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:abbott:anthem:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:abbott:accent_mri_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "f10.08.6c", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:abbott:accent_mri:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:abbott:accent_st_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "f10.08.6c", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:abbott:accent_st:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:A/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "ADJACENT_NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 3.3 }, "severity" : "LOW", "exploitabilityScore" : 6.5, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-25T13:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12718", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100665", "name" : "100665", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100665", "name" : "100665", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101252", "name" : "101252", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101252", "name" : "101252", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://www.exploit-db.com/exploits/43776/", "name" : "43776", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/43776/", "name" : "43776", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Classic Buffer Overflow issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump does not verify input buffer size prior to copying, leading to a buffer overflow, allowing remote code execution on the target device. The pump receives the potentially malicious input infrequently and under certain conditions, increasing the difficulty of exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T10:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1272", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/106237", "name" : "106237", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/106237", "name" : "106237", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124747", "name" : "ibm-guardium-cve20171272-info-disc(124747)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124747", "name" : "ibm-guardium-cve20171272-info-disc(124747)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10731655", "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10731655", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.ibm.com/support/docview.wss?uid=ibm10731655", "name" : "https://www.ibm.com/support/docview.wss?uid=ibm10731655", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Security Guardium 10.0 and 10.5 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 124747. IBM X-Force ID: 124747." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_guardium:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.0", "versionEndIncluding" : "10.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-12-17T16:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12720", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-306" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100665", "name" : "100665", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100665", "name" : "100665", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An Improper Access Control issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump does not require authentication if the pump is configured to allow FTP connections." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T10:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12721", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-295" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100665", "name" : "100665", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100665", "name" : "100665", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An Improper Certificate Validation issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump does not validate host certificates, leaving the pump vulnerable to a man-in-the-middle (MITM) attack." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T10:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12722", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100665", "name" : "100665", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100665", "name" : "100665", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101252", "name" : "101252", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101252", "name" : "101252", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An Out-of-bounds Read issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump reads memory out of bounds, causing the communications module to crash. Smiths Medical assesses that the crash of the communications module would not impact the operation of the therapeutic module." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "LOW", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T10:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12723", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100665", "name" : "100665", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100665", "name" : "100665", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Password in Configuration File issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump stores some passwords in the configuration file, which are accessible if the pump is configured to allow external communications." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 3.7, "baseSeverity" : "LOW" }, "exploitabilityScore" : 2.2, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T10:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12724", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-798" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100665", "name" : "100665", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100665", "name" : "100665", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump contains hardcoded credentials, which are not fully initialized. The FTP server is only accessible if the pump is configured to allow FTP connections." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T10:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12725", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-798" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100665", "name" : "100665", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100665", "name" : "100665", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The pump with default network configuration uses hard-coded credentials to automatically establish a wireless network connection. The pump will establish a wireless network connection even if the pump is Ethernet connected and active; however, if the wireless association is established and the Ethernet cable is attached, the pump does not attach the network stack to the wireless network. In this scenario, all network traffic is instead directed over the wired Ethernet connection." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 5.6, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T10:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12726", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-798" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/100665", "name" : "100665", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/100665", "name" : "100665", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Use of Hard-coded Password issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. Telnet on the pump uses hardcoded credentials, which can be used if the pump is configured to allow external communications. Smiths Medical assesses that it is not possible to upload files via Telnet and the impact of this vulnerability is limited to the communications module." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:smiths-medical:medfusion_4000_wireless_syringe_infusion_pump:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 7.3, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T10:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12729", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-243-05", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-243-05", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-243-05", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-243-05", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer through 1.6. An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability has been identified. Attackers can exploit this vulnerability to access SoftCMS without knowing the user's password." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:moxa:softcms_lab_view:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-18T19:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1275", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124750", "name" : "ibm-rqm-cve20171275-xss(124750)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124750", "name" : "ibm-rqm-cve20171275-xss(124750)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://www-prd-trops.events.ibm.com/node/715749", "name" : "https://www-prd-trops.events.ibm.com/node/715749", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://www-prd-trops.events.ibm.com/node/715749", "name" : "https://www-prd-trops.events.ibm.com/node/715749", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124750." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-07-03T19:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12757", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://ambit.com", "name" : "http://ambit.com", "refsource" : "", "tags" : [ "Not Applicable" ] }, { "url" : "http://ambit.com", "name" : "http://ambit.com", "refsource" : "", "tags" : [ "Not Applicable" ] }, { "url" : "http://itech.com", "name" : "http://itech.com", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "http://itech.com", "name" : "http://itech.com", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "https://www.exploit-db.com/exploits/42507", "name" : "https://www.exploit-db.com/exploits/42507", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/42507", "name" : "https://www.exploit-db.com/exploits/42507", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Certain Ambit Technologies Pvt. Ltd products are affected by: SQL Injection. This affects iTech B2B Script 4.42i and Tech Business Networking Script 8.26i and Tech Caregiver Script 2.71i and Tech Classifieds Script 7.41i and Tech Dating Script 3.40i and Tech Freelancer Script 5.27i and Tech Image Sharing Script 4.13i and Tech Job Script 9.27i and Tech Movie Script 7.51i and Tech Multi Vendor Script 6.63i and Tech Social Networking Script 3.08i and Tech Travel Script 9.49. The impact is: Code execution (remote)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ambittechnologies:itech_b2b_script:4.42i:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ambittechnologies:itech_travel_script:9.49:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ambittechnologies:itech_social_networking_script:3.08i:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ambittechnologies:itech_multi_vendor_script:6.63i:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ambittechnologies:itech_movie_script:7.51i:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ambittechnologies:itech_job_script:9.27i:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ambittechnologies:itech_image_sharing_script:4.13i:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ambittechnologies:itech_freelancer_script:5.27i:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ambittechnologies:itech_dating_script:3.40i:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ambittechnologies:itech_classifieds_script:7.41i:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ambittechnologies:itech_caregiver_script:2.71i:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ambittechnologies:itech_business_networking_script:8.26i:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-05-09T18:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12758", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://joomlaextension.biz/appointment/", "name" : "http://joomlaextension.biz/appointment/", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://joomlaextension.biz/appointment/", "name" : "http://joomlaextension.biz/appointment/", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://www.exploit-db.com/exploits/42492", "name" : "https://www.exploit-db.com/exploits/42492", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/42492", "name" : "https://www.exploit-db.com/exploits/42492", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "https://www.joomlaextensions.co.in/ Joomla! Component Appointment 1.1 is affected by: SQL Injection. The impact is: Code execution (remote). The component is: com_appointment component." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:joomlaextensions:component_appointment:1.1:*:*:*:*:joomla\\!:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-05-09T18:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12759", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://demo.ynetinteractive.com/soa/", "name" : "http://demo.ynetinteractive.com/soa/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "http://demo.ynetinteractive.com/soa/", "name" : "http://demo.ynetinteractive.com/soa/", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "http://soa.com", "name" : "http://soa.com", "refsource" : "", "tags" : [ "Not Applicable" ] }, { "url" : "http://soa.com", "name" : "http://soa.com", "refsource" : "", "tags" : [ "Not Applicable" ] }, { "url" : "https://www.exploit-db.com/exploits/42499", "name" : "https://www.exploit-db.com/exploits/42499", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/42499", "name" : "https://www.exploit-db.com/exploits/42499", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Ynet Interactive - http://demo.ynetinteractive.com/soa/ SOA School Management 3.0 is affected by: SQL Injection. The impact is: Code execution (remote)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ynetinteractive:soa_school_management:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-05-09T18:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12760", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://demo.ynetinteractive.com/mobiketa/index.php?url=myCampaign&view=-9999%27+/%2A%2150000union%2A/+select=%5BSQL%5D", "name" : "http://demo.ynetinteractive.com/mobiketa/index.php?url=myCampaign&view=-9999%27+/%2A%2150000union%2A/+select=%5BSQL%5D", "refsource" : "", "tags" : [ ] }, { "url" : "http://demo.ynetinteractive.com/mobiketa/index.php?url=myCampaign&view=-9999%27+/%2A%2150000union%2A/+select=%5BSQL%5D", "name" : "http://demo.ynetinteractive.com/mobiketa/index.php?url=myCampaign&view=-9999%27+/%2A%2150000union%2A/+select=%5BSQL%5D", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.exploit-db.com/exploits/41283", "name" : "https://www.exploit-db.com/exploits/41283", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/41283", "name" : "https://www.exploit-db.com/exploits/41283", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Ynet Interactive - http://demo.ynetinteractive.com/mobiketa/ Mobiketa 4.0 is affected by: SQL Injection. The impact is: Code execution (remote)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ynetinteractive:mobiketa:3.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-05-09T18:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12761", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://codecanyon.net/user/Endober", "name" : "http://codecanyon.net/user/Endober", "refsource" : "", "tags" : [ "Not Applicable", "Third Party Advisory" ] }, { "url" : "http://codecanyon.net/user/Endober", "name" : "http://codecanyon.net/user/Endober", "refsource" : "", "tags" : [ "Not Applicable", "Third Party Advisory" ] }, { "url" : "http://speicher.example.com/envato/codecanyon/demo/web-file-explorer/download.php?id=WebExplorer/../config.php", "name" : "http://speicher.example.com/envato/codecanyon/demo/web-file-explorer/download.php?id=WebExplorer/../config.php", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "http://speicher.example.com/envato/codecanyon/demo/web-file-explorer/download.php?id=WebExplorer/../config.php", "name" : "http://speicher.example.com/envato/codecanyon/demo/web-file-explorer/download.php?id=WebExplorer/../config.php", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "http://webfile.com", "name" : "http://webfile.com", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "http://webfile.com", "name" : "http://webfile.com", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/42440", "name" : "https://www.exploit-db.com/exploits/42440", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/42440", "name" : "https://www.exploit-db.com/exploits/42440", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "http://codecanyon.net/user/Endober WebFile Explorer 1.0 is affected by: SQL Injection. The impact is: Arbitrary File Download (remote). The component is: $file = $_GET['id'] in download.php. The attack vector is: http://speicher.example.com/envato/codecanyon/demo/web-file-explorer/download.php?id=WebExplorer/../config.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:webfile_explorer_project:webfile_explorer:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-05-09T18:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1277", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124752", "name" : "ibm-rqm-cve20171277-xss(124752)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124752", "name" : "ibm-rqm-cve20171277-xss(124752)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://www-prd-trops.events.ibm.com/node/715749", "name" : "https://www-prd-trops.events.ibm.com/node/715749", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://www-prd-trops.events.ibm.com/node/715749", "name" : "https://www-prd-trops.events.ibm.com/node/715749", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124752." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-07-03T19:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12778", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://archive.is/eF2GR", "name" : "http://archive.is/eF2GR", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "http://archive.is/eF2GR", "name" : "http://archive.is/eF2GR", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/qbittorrent/qBittorrent/wiki/I-forgot-my-UI-lock-password", "name" : "https://github.com/qbittorrent/qBittorrent/wiki/I-forgot-my-UI-lock-password", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/qbittorrent/qBittorrent/wiki/I-forgot-my-UI-lock-password", "name" : "https://github.com/qbittorrent/qBittorrent/wiki/I-forgot-my-UI-lock-password", "refsource" : "", "tags" : [ ] }, { "url" : "https://medium.com/%40BaYinMin/cve-2017-12778-qbittorrent-ui-lock-authentication-bypass-30959ff55ada", "name" : "https://medium.com/%40BaYinMin/cve-2017-12778-qbittorrent-ui-lock-authentication-bypass-30959ff55ada", "refsource" : "", "tags" : [ ] }, { "url" : "https://medium.com/%40BaYinMin/cve-2017-12778-qbittorrent-ui-lock-authentication-bypass-30959ff55ada", "name" : "https://medium.com/%40BaYinMin/cve-2017-12778-qbittorrent-ui-lock-authentication-bypass-30959ff55ada", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent functions by tampering the affected flag value of the config file at the C:\\Users\\\\Roaming\\qBittorrent pathname. The attacker must change the value of the \"locked\" attribute to \"false\" within the \"Locking\" stanza. NOTE: This is an intended behavior. See https://github.com/qbittorrent/qBittorrent/wiki/I-forgot-my-UI-lock-password" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qbittorrent:qbittorrent:3.3.15:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.6 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-05-09T17:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12788", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/lemon666/vuln/blob/master/MetInfo5.3.md", "name" : "https://github.com/lemon666/vuln/blob/master/MetInfo5.3.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/lemon666/vuln/blob/master/MetInfo5.3.md", "name" : "https://github.com/lemon666/vuln/blob/master/MetInfo5.3.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in Metinfo 5.3.18 allows remote attackers to inject arbitrary web script or HTML via the (1) class1 parameter or the (2) anyid parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:metinfo:metinfo:5.3.18:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-05-09T15:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12789", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/lemon666/vuln/blob/master/MetInfo5.3.md", "name" : "https://github.com/lemon666/vuln/blob/master/MetInfo5.3.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/lemon666/vuln/blob/master/MetInfo5.3.md", "name" : "https://github.com/lemon666/vuln/blob/master/MetInfo5.3.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/interface/online/delete.php. The attack vector is: The administrator clicks on the malicious link in the login state." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:metinfo:metinfo:5.3.18:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-05-10T15:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1279", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22006392", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22006392", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22006392", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22006392", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124757", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124757", "refsource" : "", "tags" : [ "Patch", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124757", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124757", "refsource" : "", "tags" : [ "Patch", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 124757." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:tealeaf_customer_experience:9.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:tealeaf_customer_experience:8.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:tealeaf_customer_experience:8.8:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-26T21:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12790", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-352" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/lemon666/vuln/blob/master/MetInfo5.3.md", "name" : "https://github.com/lemon666/vuln/blob/master/MetInfo5.3.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/lemon666/vuln/blob/master/MetInfo5.3.md", "name" : "https://github.com/lemon666/vuln/blob/master/MetInfo5.3.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/index.php. The attack vector is: The administrator clicks on the malicious link in the login state." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:metinfo:metinfo:5.3.18:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-05-09T17:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12795", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://openmrs.com", "name" : "http://openmrs.com", "refsource" : "", "tags" : [ "Product", "Vendor Advisory" ] }, { "url" : "http://openmrs.com", "name" : "http://openmrs.com", "refsource" : "", "tags" : [ "Product", "Vendor Advisory" ] }, { "url" : "http://openmrs-module-htmlformentry.com", "name" : "http://openmrs-module-htmlformentry.com", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://openmrs-module-htmlformentry.com", "name" : "http://openmrs-module-htmlformentry.com", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://github.com/openmrs/openmrs-module-htmlformentry/commit/86f35221c8a57cdd7557ce731a56b90db216c8e0", "name" : "https://github.com/openmrs/openmrs-module-htmlformentry/commit/86f35221c8a57cdd7557ce731a56b90db216c8e0", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/openmrs/openmrs-module-htmlformentry/commit/86f35221c8a57cdd7557ce731a56b90db216c8e0", "name" : "https://github.com/openmrs/openmrs-module-htmlformentry/commit/86f35221c8a57cdd7557ce731a56b90db216c8e0", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/openmrs/openmrs-module-htmlformentry/compare/f50bdf1...cc0be04", "name" : "https://github.com/openmrs/openmrs-module-htmlformentry/compare/f50bdf1...cc0be04", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/openmrs/openmrs-module-htmlformentry/compare/f50bdf1...cc0be04", "name" : "https://github.com/openmrs/openmrs-module-htmlformentry/compare/f50bdf1...cc0be04", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "OpenMRS openmrs-module-htmlformentry 3.3.2 is affected by: (Improper Input Validation)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:openmrs:openmrs-module-htmlformentry:3.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-05-10T15:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1280", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124758", "name" : "ibm-rqm-cve20171280-xss(124758)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124758", "name" : "ibm-rqm-cve20171280-xss(124758)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://www-prd-trops.events.ibm.com/node/715749", "name" : "https://www-prd-trops.events.ibm.com/node/715749", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://www-prd-trops.events.ibm.com/node/715749", "name" : "https://www-prd-trops.events.ibm.com/node/715749", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124758." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-07-03T19:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12804", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/jsummers/imageworsener/issues/30", "name" : "https://github.com/jsummers/imageworsener/issues/30", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/jsummers/imageworsener/issues/30", "name" : "https://github.com/jsummers/imageworsener/issues/30", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The iwgif_init_screen function in imagew-gif.c:510 in ImageWorsener 1.3.2 allows remote attackers to cause a denial of service (hmemory exhaustion) via a crafted file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:entropymine:imageworsener:1.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-05-09T16:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12805", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html", "name" : "openSUSE-SU-2019:1683", "refsource" : "", "tags" : [ ] }, { "url" : "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html", "name" : "openSUSE-SU-2019:1683", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/ImageMagick/ImageMagick/issues/664", "name" : "https://github.com/ImageMagick/ImageMagick/issues/664", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/ImageMagick/ImageMagick/issues/664", "name" : "https://github.com/ImageMagick/ImageMagick/issues/664", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html", "name" : "[debian-lts-announce] 20200818 [SECURITY] [DLA 2333-1] imagemagick security update", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2020/08/msg00030.html", "name" : "[debian-lts-announce] 20200818 [SECURITY] [DLA 2333-1] imagemagick security update", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/", "name" : "FEDORA-2019-da4c20882c", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/", "name" : "FEDORA-2019-da4c20882c", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/", "name" : "FEDORA-2019-425a1aa7c9", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/", "name" : "FEDORA-2019-425a1aa7c9", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/4034-1/", "name" : "USN-4034-1", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/4034-1/", "name" : "USN-4034-1", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:imagemagick:imagemagick:7.0.6-6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-05-09T16:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12806", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html", "name" : "openSUSE-SU-2019:1683", "refsource" : "", "tags" : [ ] }, { "url" : "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00001.html", "name" : "openSUSE-SU-2019:1683", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/ImageMagick/ImageMagick/issues/660", "name" : "https://github.com/ImageMagick/ImageMagick/issues/660", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/ImageMagick/ImageMagick/issues/660", "name" : "https://github.com/ImageMagick/ImageMagick/issues/660", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html", "name" : "[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2020/09/msg00007.html", "name" : "[debian-lts-announce] 20200907 [SECURITY] [DLA 2366-1] imagemagick security update", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/", "name" : "FEDORA-2019-da4c20882c", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PF62B5PJA2JDUOCKJGUQO3SPL74BEYSV/", "name" : "FEDORA-2019-da4c20882c", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/", "name" : "FEDORA-2019-425a1aa7c9", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WHIKB4TP6KBJWT2UIPWL5MWMG5QXKGEJ/", "name" : "FEDORA-2019-425a1aa7c9", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/4034-1/", "name" : "USN-4034-1", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/4034-1/", "name" : "USN-4034-1", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:imagemagick:imagemagick:7.0.6-6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-05-09T16:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12807", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-12799. Reason: This candidate is a reservation duplicate of CVE-2017-12799. Notes: All CVE users should reference CVE-2017-12799 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-08-14T13:29Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1281", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124759", "name" : "ibm-rqm-cve20171281-xss(124759)", "refsource" : "", "tags" : [ "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/124759", "name" : "ibm-rqm-cve20171281-xss(124759)", "refsource" : "", "tags" : [ "VDB Entry" ] }, { "url" : "https://www-prd-trops.events.ibm.com/node/715749", "name" : "https://www-prd-trops.events.ibm.com/node/715749", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://www-prd-trops.events.ibm.com/node/715749", "name" : "https://www-prd-trops.events.ibm.com/node/715749", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 124759." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-07-03T19:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12815", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/archive/1/541885/100/0/threaded", "name" : "20180322 Bomgar Remote Support Portal JavaStart Applet <= 52970 - Path Traversal", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/archive/1/541885/100/0/threaded", "name" : "20180322 Bomgar Remote Support Portal JavaStart Applet <= 52970 - Path Traversal", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 52790 and earlier revealed that it is vulnerable to a path traversal vulnerability. The archive can be downloaded from a given Bomgar Remote Support Portal deployment at https://domain/api/content/JavaStart.jar and is callable from an arbitrary website using and/or tags. Successful exploitation results in file creation/modification/deletion in the operating system and with privileges of the user that ran the Java applet." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bomgar:remote_support:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 10.0, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 6.0 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-26T21:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12826", "ASSIGNER" : "cert@airbus.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12827", "ASSIGNER" : "cert@airbus.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12828", "ASSIGNER" : "cert@airbus.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12829", "ASSIGNER" : "cert@airbus.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12830", "ASSIGNER" : "cert@airbus.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12831", "ASSIGNER" : "cert@airbus.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12832", "ASSIGNER" : "cert@airbus.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12833", "ASSIGNER" : "cert@airbus.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12834", "ASSIGNER" : "cert@airbus.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12835", "ASSIGNER" : "cert@airbus.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12839", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://sourceforge.net/p/mpg123/bugs/255/", "name" : "https://sourceforge.net/p/mpg123/bugs/255/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://sourceforge.net/p/mpg123/bugs/255/", "name" : "https://sourceforge.net/p/mpg123/bugs/255/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.mpg123.de/", "name" : "https://www.mpg123.de/", "refsource" : "", "tags" : [ "Product", "Vendor Advisory" ] }, { "url" : "https://www.mpg123.de/", "name" : "https://www.mpg123.de/", "refsource" : "", "tags" : [ "Product", "Vendor Advisory" ] }, { "url" : "https://www.mpg123.de/cgi-bin/scm/mpg123/trunk/src/libmpg123/getbits.h?r1=2024&r2=4323&sortby=date", "name" : "https://www.mpg123.de/cgi-bin/scm/mpg123/trunk/src/libmpg123/getbits.h?r1=2024&r2=4323&sortby=date", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://www.mpg123.de/cgi-bin/scm/mpg123/trunk/src/libmpg123/getbits.h?r1=2024&r2=4323&sortby=date", "name" : "https://www.mpg123.de/cgi-bin/scm/mpg123/trunk/src/libmpg123/getbits.h?r1=2024&r2=4323&sortby=date", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A heap-based buffer over-read in the getbits function in src/libmpg123/getbits.h in mpg123 through 1.25.5 allows remote attackers to cause a possible denial-of-service (out-of-bounds read) or possibly have unspecified other impact via a crafted mp3 file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mpg123:mpg123:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.25.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "LOW", "baseScore" : 8.3, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.5 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-05-09T17:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12842", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/", "name" : "https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/", "name" : "https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", "name" : "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", "name" : "https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html", "name" : "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html", "name" : "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-February/016697.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Bitcoin Core before 0.14 allows an attacker to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wallet, even if that payment did not actually occur. Completing the attack would cost more than a million dollars, and is relevant mainly only in situations where an autonomous system relies solely on an SPV proof for transactions of a greater dollar amount." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:bitcoin:bitcoin_core:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.14.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-03-16T20:15Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1286", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125147", "name" : "ibm-ucd-cve20171286-info-disc(125147)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125147", "name" : "ibm-ucd-cve20171286-info-disc(125147)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://www.ibm.com/support/docview.wss?uid=swg2C1000377", "name" : "https://www.ibm.com/support/docview.wss?uid=swg2C1000377", "refsource" : "", "tags" : [ "Broken Link", "Vendor Advisory" ] }, { "url" : "https://www.ibm.com/support/docview.wss?uid=swg2C1000377", "name" : "https://www.ibm.com/support/docview.wss?uid=swg2C1000377", "refsource" : "", "tags" : [ "Broken Link", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Sensitive information about the configuration of the IBM UrbanCode Deploy 6.1 through 6.9.6.0 server and database can be obtained by a user who has been given elevated permissions in the UI, even after those elevated permissions have been revoked. IBM X-Force ID: 125147." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:*:*:*:*:*:*:*:*", "versionStartExcluding" : "6.1", "versionEndIncluding" : "6.9.6.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-13T16:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12880", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-11424. Reason: This candidate is a duplicate of CVE-2017-11424. Notes: All CVE users should reference CVE-2017-11424 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-08-16T14:29Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12884", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://app.com", "name" : "http://app.com", "refsource" : "", "tags" : [ "Not Applicable" ] }, { "url" : "http://app.com", "name" : "http://app.com", "refsource" : "", "tags" : [ "Not Applicable" ] }, { "url" : "http://ox.com", "name" : "http://ox.com", "refsource" : "", "tags" : [ "Broken Link", "Not Applicable" ] }, { "url" : "http://ox.com", "name" : "http://ox.com", "refsource" : "", "tags" : [ "Broken Link", "Not Applicable" ] }, { "url" : "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html", "name" : "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html", "name" : "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "OX Software GmbH App Suite 7.8.4 and earlier is affected by: Information Exposure." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "versionEndIncluding" : "7.8.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-05-10T16:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12885", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://app.com", "name" : "http://app.com", "refsource" : "", "tags" : [ "Not Applicable" ] }, { "url" : "http://app.com", "name" : "http://app.com", "refsource" : "", "tags" : [ "Not Applicable" ] }, { "url" : "http://ox.com", "name" : "http://ox.com", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://ox.com", "name" : "http://ox.com", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html", "name" : "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html", "name" : "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "versionEndIncluding" : "7.8.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-05-10T15:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1293", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125154", "name" : "ibm-rqm-cve20171293-xss(125154)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125154", "name" : "ibm-rqm-cve20171293-xss(125154)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://www-prd-trops.events.ibm.com/node/715749", "name" : "https://www-prd-trops.events.ibm.com/node/715749", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://www-prd-trops.events.ibm.com/node/715749", "name" : "https://www-prd-trops.events.ibm.com/node/715749", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125154." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-07-03T19:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1294", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125155", "name" : "ibm-rqm-cve20171294-xss(125155)", "refsource" : "", "tags" : [ "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125155", "name" : "ibm-rqm-cve20171294-xss(125155)", "refsource" : "", "tags" : [ "VDB Entry" ] }, { "url" : "https://www-prd-trops.events.ibm.com/node/715749", "name" : "https://www-prd-trops.events.ibm.com/node/715749", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://www-prd-trops.events.ibm.com/node/715749", "name" : "https://www-prd-trops.events.ibm.com/node/715749", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125155." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-07-03T19:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-12945", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/155494/Mersive-Solstice-2.8.0-Remote-Code-Execution.html", "name" : "http://packetstormsecurity.com/files/155494/Mersive-Solstice-2.8.0-Remote-Code-Execution.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/155494/Mersive-Solstice-2.8.0-Remote-Code-Execution.html", "name" : "http://packetstormsecurity.com/files/155494/Mersive-Solstice-2.8.0-Remote-Code-Execution.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://documentation.mersive.com/content/pages/release-notes.htm", "name" : "https://documentation.mersive.com/content/pages/release-notes.htm", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://documentation.mersive.com/content/pages/release-notes.htm", "name" : "https://documentation.mersive.com/content/pages/release-notes.htm", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://github.com/aress31/cve-2017-12945", "name" : "https://github.com/aress31/cve-2017-12945", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/aress31/cve-2017-12945", "name" : "https://github.com/aress31/cve-2017-12945", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/47722", "name" : "47722", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/47722", "name" : "47722", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Insufficient validation of user-supplied input for the Solstice Pod before 2.8.4 networking configuration enables authenticated attackers to execute arbitrary commands as root." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:mersive:solstice_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.8.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:mersive:solstice:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-11-27T16:15Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1298", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-8106. Reason: This candidate is a reservation duplicate of CVE-2016-8106. Notes: All CVE users should reference CVE-2016-8106 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-04-28T17:59Z", "lastModifiedDate" : "2023-11-07T02:42Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1299", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125161", "name" : "ibm-rqm-cve20171299-xss(125161)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125161", "name" : "ibm-rqm-cve20171299-xss(125161)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://www-prd-trops.events.ibm.com/node/715749", "name" : "https://www-prd-trops.events.ibm.com/node/715749", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://www-prd-trops.events.ibm.com/node/715749", "name" : "https://www-prd-trops.events.ibm.com/node/715749", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125161." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-07-03T19:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1306", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125460", "name" : "ibm-rqm-cve20171306-xss(125460)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125460", "name" : "ibm-rqm-cve20171306-xss(125460)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://www-prd-trops.events.ibm.com/node/715749", "name" : "https://www-prd-trops.events.ibm.com/node/715749", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://www-prd-trops.events.ibm.com/node/715749", "name" : "https://www-prd-trops.events.ibm.com/node/715749", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125460." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-07-03T19:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13072", "ASSIGNER" : "security@qnap.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.qnap.com/en/security-advisory/nas-201805-16", "name" : "https://www.qnap.com/en/security-advisory/nas-201805-16", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.qnap.com/en/security-advisory/nas-201805-16", "name" : "https://www.qnap.com/en/security-advisory/nas-201805-16", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and their earlier versions could allow remote attackers to inject Javascript code." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qnap:qts:4.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qnap:qts:4.3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qnap:qts:4.2.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-06-21T13:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13073", "ASSIGNER" : "security@qnap.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.qnap.com/zh-tw/security-advisory/nas-201804-23", "name" : "https://www.qnap.com/zh-tw/security-advisory/nas-201804-23", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.qnap.com/zh-tw/security-advisory/nas-201804-23", "name" : "https://www.qnap.com/zh-tw/security-advisory/nas-201804-23", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in QNAP NAS application Photo Station versions 5.2.7, 5.4.3, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qnap:photo_station:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.4.0", "versionEndIncluding" : "5.4.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qnap:photo_station:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.2.0", "versionEndIncluding" : "5.2.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-23T14:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13091", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-310" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101699", "name" : "101699", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101699", "name" : "101699", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.kb.cert.org/vuls/id/739007", "name" : "VU#739007", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://www.kb.cert.org/vuls/id/739007", "name" : "VU#739007", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including improperly specified padding in CBC mode allows use of an EDA tool as a decryption oracle. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:-:-:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-13T20:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13092", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-310" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101699", "name" : "101699", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101699", "name" : "101699", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.kb.cert.org/vuls/id/739007", "name" : "VU#739007", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://www.kb.cert.org/vuls/id/739007", "name" : "VU#739007", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including improperly specified HDL syntax allows use of an EDA tool as a decryption oracle. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:-:-:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-13T20:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13093", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-310" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101699", "name" : "101699", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101699", "name" : "101699", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.kb.cert.org/vuls/id/739007", "name" : "VU#739007", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://www.kb.cert.org/vuls/id/739007", "name" : "VU#739007", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of encrypted IP cyphertext to insert hardware trojans. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:-:-:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-13T20:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13094", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-310" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101699", "name" : "101699", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101699", "name" : "101699", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.kb.cert.org/vuls/id/739007", "name" : "VU#739007", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://www.kb.cert.org/vuls/id/739007", "name" : "VU#739007", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of the encryption key and insertion of hardware trojans in any IP. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:-:-:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-13T20:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13095", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-310" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101699", "name" : "101699", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101699", "name" : "101699", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.kb.cert.org/vuls/id/739007", "name" : "VU#739007", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://www.kb.cert.org/vuls/id/739007", "name" : "VU#739007", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of a license-deny response to a license grant. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:-:-:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-13T20:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13096", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-310" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101699", "name" : "101699", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101699", "name" : "101699", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.kb.cert.org/vuls/id/739007", "name" : "VU#739007", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://www.kb.cert.org/vuls/id/739007", "name" : "VU#739007", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax access control. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:-:-:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-13T20:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13097", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-310" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101699", "name" : "101699", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101699", "name" : "101699", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.kb.cert.org/vuls/id/739007", "name" : "VU#739007", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://www.kb.cert.org/vuls/id/739007", "name" : "VU#739007", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The P1735 IEEE standard describes flawed methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP, including modification of Rights Block to remove or relax license requirement. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:-:-:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-13T20:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13100", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-798" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.kb.cert.org/vuls/id/787952", "name" : "VU#787952", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://www.kb.cert.org/vuls/id/787952", "name" : "VU#787952", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "DistinctDev, Inc., The Moron Test, 6.3.1, 2017-05-04, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:distinctdev:the_moron_test:6.3.1:*:*:*:*:iphone_os:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13101", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-798" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.kb.cert.org/vuls/id/787952", "name" : "VU#787952", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://www.kb.cert.org/vuls/id/787952", "name" : "VU#787952", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Musical.ly Inc., musical.ly - your video social network, 6.1.6, 2017-10-03, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:tiktok:musical.ly:6.1.6:*:*:*:*:iphone_os:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13102", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-798" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.kb.cert.org/vuls/id/787952", "name" : "VU#787952", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://www.kb.cert.org/vuls/id/787952", "name" : "VU#787952", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Gameloft Asphalt Xtreme: Offroad Rally Racing, 1.6.0, 2017-08-13, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:gameloft:asphalt_xtreme:1.6.0:*:*:*:*:iphone_os:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13103", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-08-15T22:29Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13104", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-798" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.kb.cert.org/vuls/id/787952", "name" : "VU#787952", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://www.kb.cert.org/vuls/id/787952", "name" : "VU#787952", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Uber Technologies, Inc. UberEATS: Uber for Food Delivery, 1.108.10001, 2017-11-02, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:uber:ubereats:1.108.10001:*:*:*:*:iphone_os:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13105", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-295" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.kb.cert.org/vuls/id/787952", "name" : "VU#787952", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://www.kb.cert.org/vuls/id/787952", "name" : "VU#787952", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Hi Security Virus Cleaner - Antivirus, Booster, 3.7.1.1329, 2017-09-13, Android application accepts all SSL certificates during SSL communication. This opens the application up to a man-in-the-middle attack having all of its encrypted traffic intercepted and read by an attacker." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:hisecuritylab:virus_cleaner:3.7.1.1329:*:*:*:*:android:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13106", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-798" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.kb.cert.org/vuls/id/787952", "name" : "VU#787952", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://www.kb.cert.org/vuls/id/787952", "name" : "VU#787952", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cheetahmobile CM Launcher 3D - Theme, wallpaper, Secure, Efficient, 5.0.3, 2017-09-19, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:cmcm:cm_launcher_3d:5.0.3:*:*:*:*:android:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13107", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-798" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.kb.cert.org/vuls/id/787952", "name" : "VU#787952", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://www.kb.cert.org/vuls/id/787952", "name" : "VU#787952", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Live.me - live stream video chat, 3.7.20, 2017-11-06, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:liveme:liveme:3.7.20:*:*:*:*:android:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13108", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-798" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.kb.cert.org/vuls/id/787952", "name" : "VU#787952", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://www.kb.cert.org/vuls/id/787952", "name" : "VU#787952", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "DFNDR Security Antivirus, Anti-hacking & Cleaner, 5.0.9, 2017-11-01, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:psafe:dfndr_security:5.0.9:*:*:*:*:android:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-15T22:29Z", "lastModifiedDate" : "2024-11-21T03:10Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13109", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13110", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13111", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13112", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13113", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13114", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13115", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13116", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13117", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13118", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13119", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1312", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125723", "name" : "ibm-rqm-cve20171312-xss(125723)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125723", "name" : "ibm-rqm-cve20171312-xss(125723)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www-prd-trops.events.ibm.com/node/715749", "name" : "https://www-prd-trops.events.ibm.com/node/715749", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://www-prd-trops.events.ibm.com/node/715749", "name" : "https://www-prd-trops.events.ibm.com/node/715749", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125723." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-07-03T19:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13120", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13121", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13122", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13123", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13124", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13125", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13126", "ASSIGNER" : "cert@cert.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1313", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125724", "name" : "ibm-rqm-cve20171313-xss(125724)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125724", "name" : "ibm-rqm-cve20171313-xss(125724)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www-prd-trops.events.ibm.com/node/715749", "name" : "https://www-prd-trops.events.ibm.com/node/715749", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://www-prd-trops.events.ibm.com/node/715749", "name" : "https://www-prd-trops.events.ibm.com/node/715749", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125724." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-07-03T19:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1314", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125725", "name" : "ibm-rqm-cve20171314-xss(125725)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125725", "name" : "ibm-rqm-cve20171314-xss(125725)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www-prd-trops.events.ibm.com/node/715749", "name" : "https://www-prd-trops.events.ibm.com/node/715749", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://www-prd-trops.events.ibm.com/node/715749", "name" : "https://www-prd-trops.events.ibm.com/node/715749", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125725." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-07-03T19:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1315", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125727", "name" : "ibm-rqm-cve20171315-xss(125727)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125727", "name" : "ibm-rqm-cve20171315-xss(125727)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www-prd-trops.events.ibm.com/node/715749", "name" : "https://www-prd-trops.events.ibm.com/node/715749", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://www-prd-trops.events.ibm.com/node/715749", "name" : "https://www-prd-trops.events.ibm.com/node/715749", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125727." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-07-03T19:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1316", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125728", "name" : "ibm-rqm-cve20171316-xss(125728)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125728", "name" : "ibm-rqm-cve20171316-xss(125728)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www-prd-trops.events.ibm.com/node/715749", "name" : "https://www-prd-trops.events.ibm.com/node/715749", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://www-prd-trops.events.ibm.com/node/715749", "name" : "https://www-prd-trops.events.ibm.com/node/715749", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125728." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-07-03T19:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1317", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125729", "name" : "ibm-rqm-cve20171317-xss(125729)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/125729", "name" : "ibm-rqm-cve20171317-xss(125729)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www-prd-trops.events.ibm.com/node/715749", "name" : "https://www-prd-trops.events.ibm.com/node/715749", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] }, { "url" : "https://www-prd-trops.events.ibm.com/node/715749", "name" : "https://www-prd-trops.events.ibm.com/node/715749", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125729." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:6.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:6.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-07-03T19:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13176", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102422", "name" : "102422", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102422", "name" : "102422", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the parseURL function of URLStreamHandler, there is improper input validation of the host field. This could lead to a remote elevation of privilege that could enable bypassing user interaction requirements with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68341964." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13177", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102414", "name" : "102414", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102414", "name" : "102414", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In several functions of libhevc, NEON registers are not preserved. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68320413." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13178", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" }, { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102414", "name" : "102414", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102414", "name" : "102414", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the initDecoder function of SoftAVCDec, there is a possible out-of-bounds write to mCodecCtx due to a use after free when buffer allocation fails. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969281." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13179", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" }, { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102414", "name" : "102414", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102414", "name" : "102414", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the ihevcd_allocate_static_bufs and ihevcd_create functions of SoftHEVC, there is a possible out-of-bounds write due to a use after free. Both ps_codec_obj and ps_create_op->s_ivd_create_op_t.pv_handle point to the same memory and ps_codec_obj could be freed without clearing ps_create_op->s_ivd_create_op_t.pv_handle. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969193." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13180", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" }, { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102414", "name" : "102414", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102414", "name" : "102414", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the onQueueFilled function of SoftAVCDec, there is a possible out-of-bounds write due to a use after free if a bad header causes the decoder to get caught in a loop while another thread frees the memory it's accessing. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-66969349." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13181", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-415" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102414", "name" : "102414", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102414", "name" : "102414", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the doGetThumb and getThumbnail functions of MtpServer, there is a possible double free due to not NULLing out a freed pointer. This could lead to an local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67864232." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13182", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102414", "name" : "102414", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102414", "name" : "102414", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the sendFormatChange function of ACodec, there is a possible integer overflow which could lead to an out-of-bounds write. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-67737022." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13183", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-362" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102421", "name" : "102421", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102421", "name" : "102421", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the OMXNodeInstance::useBuffer and IOMX::freeBuffer functions, there is a possible use after free due to a race condition if the user frees the buffer while it's being used in another thread. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.1. Android ID: A-38118127." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.0, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.0, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:H/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 6.2 }, "severity" : "MEDIUM", "exploitabilityScore" : 1.9, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13184", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102414", "name" : "102414", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102414", "name" : "102414", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the enableVSyncInjections function of SurfaceFlinger, there is a possible use after free of mVSyncInjector. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-65483324." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13185", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/external/libhevc/+/2b9fb0c2074d370a254b35e2489de2d94943578d", "name" : "https://android.googlesource.com/platform/external/libhevc/+/2b9fb0c2074d370a254b35e2489de2d94943578d", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://android.googlesource.com/platform/external/libhevc/+/2b9fb0c2074d370a254b35e2489de2d94943578d", "name" : "https://android.googlesource.com/platform/external/libhevc/+/2b9fb0c2074d370a254b35e2489de2d94943578d", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-65123471." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 9.1, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 8.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 7.8, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13186", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/external/libavc/+/6c327afb263837bc90760c55c6605b26161a4eb9", "name" : "https://android.googlesource.com/platform/external/libavc/+/6c327afb263837bc90760c55c6605b26161a4eb9", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://android.googlesource.com/platform/external/libavc/+/6c327afb263837bc90760c55c6605b26161a4eb9", "name" : "https://android.googlesource.com/platform/external/libavc/+/6c327afb263837bc90760c55c6605b26161a4eb9", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability in the Android media framework (libavc) related to incorrect use of mmco parameters. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65735716." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13187", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/external/libhevc/+/7c9be319a279654e55a6d757265f88c61a16a4d5", "name" : "https://android.googlesource.com/platform/external/libhevc/+/7c9be319a279654e55a6d757265f88c61a16a4d5", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://android.googlesource.com/platform/external/libhevc/+/7c9be319a279654e55a6d757265f88c61a16a4d5", "name" : "https://android.googlesource.com/platform/external/libhevc/+/7c9be319a279654e55a6d757265f88c61a16a4d5", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65034175." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 9.1, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 8.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 7.8, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13188", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/external/aac/+/8e3be529372892e20ccf196809bc73276c822189", "name" : "https://android.googlesource.com/platform/external/aac/+/8e3be529372892e20ccf196809bc73276c822189", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://android.googlesource.com/platform/external/aac/+/8e3be529372892e20ccf196809bc73276c822189", "name" : "https://android.googlesource.com/platform/external/aac/+/8e3be529372892e20ccf196809bc73276c822189", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An information disclosure vulnerability in the Android media framework (aac). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65280786." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 9.1, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 8.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 7.8, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13189", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-770" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/external/libavc/+/5acaa6fc86c73a750e5f4900c4e2d44bf22f683a", "name" : "https://android.googlesource.com/platform/external/libavc/+/5acaa6fc86c73a750e5f4900c4e2d44bf22f683a", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://android.googlesource.com/platform/external/libavc/+/5acaa6fc86c73a750e5f4900c4e2d44bf22f683a", "name" : "https://android.googlesource.com/platform/external/libavc/+/5acaa6fc86c73a750e5f4900c4e2d44bf22f683a", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability in the Android media framework (libavc) related to handling dec_hdl memory allocation failures. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68300072." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13190", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-770" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/external/libhevc/+/3ed3c6b79a7b9a60c475dd4936ad57b0b92fd600", "name" : "https://android.googlesource.com/platform/external/libhevc/+/3ed3c6b79a7b9a60c475dd4936ad57b0b92fd600", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://android.googlesource.com/platform/external/libhevc/+/3ed3c6b79a7b9a60c475dd4936ad57b0b92fd600", "name" : "https://android.googlesource.com/platform/external/libhevc/+/3ed3c6b79a7b9a60c475dd4936ad57b0b92fd600", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability in the Android media framework (libhevc) related to handling ps_codec_obj memory allocation failures. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68299873." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13191", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-835" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102414", "name" : "102414", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102414", "name" : "102414", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the ihevcd_decode function of ihevcd_decode.c, there is an infinite loop due to an incomplete frame error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380403." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13192", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-835" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102414", "name" : "102414", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102414", "name" : "102414", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the ihevcd_parse_slice_header function of ihevcd_parse_slice_header.c a slice address of zero after the first slice could result in an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380202." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13193", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-835" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102414", "name" : "102414", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102414", "name" : "102414", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In ihevcd_decode.c there is a possible infinite loop due to bytes for an sps of unsupported resolution resulting in the same sps being fed in over and over. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65718319." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13194", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/external/libvpx/+/55cd1dd7c8d0a3de907d22e0f12718733f4e41d9", "name" : "https://android.googlesource.com/platform/external/libvpx/+/55cd1dd7c8d0a3de907d22e0f12718733f4e41d9", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://android.googlesource.com/platform/external/libvpx/+/55cd1dd7c8d0a3de907d22e0f12718733f4e41d9", "name" : "https://android.googlesource.com/platform/external/libvpx/+/55cd1dd7c8d0a3de907d22e0f12718733f4e41d9", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/02/msg00025.html", "name" : "[debian-lts-announce] 20180224 [SECURITY] [DLA 1290-1] libvpx security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/02/msg00025.html", "name" : "[debian-lts-announce] 20180224 [SECURITY] [DLA 1290-1] libvpx security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://usn.ubuntu.com/4199-1/", "name" : "USN-4199-1", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/4199-1/", "name" : "USN-4199-1", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/4199-2/", "name" : "USN-4199-2", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/4199-2/", "name" : "USN-4199-2", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.debian.org/security/2018/dsa-4132", "name" : "DSA-4132", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4132", "name" : "DSA-4132", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability in the Android media framework (libvpx) related to odd frame width. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64710201." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13195", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-835" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102414", "name" : "102414", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102414", "name" : "102414", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the ihevcd_parse_sps function of ihevcd_parse_headers.c, several parameter values could be negative which could lead to negative indexes which could lead to an infinite loop. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65398821." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13196", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-772" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102414", "name" : "102414", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102414", "name" : "102414", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In several places in ihevcd_decode.c, a dead loop could occur due to incomplete frames which could lead to memory leaks. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63522067." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13197", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102414", "name" : "102414", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102414", "name" : "102414", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the ihevcd_parse_slice.c function, slave threads are not joined if there is an error. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64784973." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13198", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/frameworks/ex/+/ede8f95361dcbf9757aaf6d25ce59fa3767344e3", "name" : "https://android.googlesource.com/platform/frameworks/ex/+/ede8f95361dcbf9757aaf6d25ce59fa3767344e3", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://android.googlesource.com/platform/frameworks/ex/+/ede8f95361dcbf9757aaf6d25ce59fa3767344e3", "name" : "https://android.googlesource.com/platform/frameworks/ex/+/ede8f95361dcbf9757aaf6d25ce59fa3767344e3", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability in the Android media framework (ex) related to composition of frames lacking a color map. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68399117." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13199", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-755" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102414", "name" : "102414", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102414", "name" : "102414", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Bitmap.ccp if Bitmap.nativeCreate fails an out of memory exception is not thrown leading to a java.io.IOException later on. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-33846679." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13200", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/frameworks/av/+/dd3ca4d6b81a9ae2ddf358b7b93d2f8c010921f5", "name" : "https://android.googlesource.com/platform/frameworks/av/+/dd3ca4d6b81a9ae2ddf358b7b93d2f8c010921f5", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://android.googlesource.com/platform/frameworks/av/+/dd3ca4d6b81a9ae2ddf358b7b93d2f8c010921f5", "name" : "https://android.googlesource.com/platform/frameworks/av/+/dd3ca4d6b81a9ae2ddf358b7b93d2f8c010921f5", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An information disclosure vulnerability in the Android media framework (av) related to id3 unsynchronization. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63100526." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13201", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102529", "name" : "102529", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102529", "name" : "102529", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An information disclosure vulnerability in the Android media framework (mediadrm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63982768." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13202", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102521", "name" : "102521", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102521", "name" : "102521", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67647856." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13203", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/external/libavc/+/e86d3cfd2bc28dac421092106751e5638d54a848", "name" : "https://android.googlesource.com/platform/external/libavc/+/e86d3cfd2bc28dac421092106751e5638d54a848", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://android.googlesource.com/platform/external/libavc/+/e86d3cfd2bc28dac421092106751e5638d54a848", "name" : "https://android.googlesource.com/platform/external/libavc/+/e86d3cfd2bc28dac421092106751e5638d54a848", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63122634." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 9.1, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 8.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 7.8, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13204", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/external/libavc/+/42cf02965b11c397dd37a0063e683cef005bc0ae", "name" : "https://android.googlesource.com/platform/external/libavc/+/42cf02965b11c397dd37a0063e683cef005bc0ae", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://android.googlesource.com/platform/external/libavc/+/42cf02965b11c397dd37a0063e683cef005bc0ae", "name" : "https://android.googlesource.com/platform/external/libavc/+/42cf02965b11c397dd37a0063e683cef005bc0ae", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64380237." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 9.1, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 8.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 7.8, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13205", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://android.googlesource.com/platform/external/libmpeg2/+/29a78a11844fc027fa44be7f8bd8dc1cf8bf89f6", "name" : "https://android.googlesource.com/platform/external/libmpeg2/+/29a78a11844fc027fa44be7f8bd8dc1cf8bf89f6", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://android.googlesource.com/platform/external/libmpeg2/+/29a78a11844fc027fa44be7f8bd8dc1cf8bf89f6", "name" : "https://android.googlesource.com/platform/external/libmpeg2/+/29a78a11844fc027fa44be7f8bd8dc1cf8bf89f6", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An information disclosure vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-64550583." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 9.1, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 8.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 7.8, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13206", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102523", "name" : "102523", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102523", "name" : "102523", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An information disclosure vulnerability in the Android media framework (aacdec). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65025048." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13207", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102526", "name" : "102526", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102526", "name" : "102526", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An information disclosure vulnerability in the Android media framework (stagefright mpeg4writer). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37564426." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13208", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102415", "name" : "102415", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102415", "name" : "102415", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In receive_packet of libnetutils/packet.c, there is a possible out-of-bounds write due to a missing bounds check on the DHCP response. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67474440." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13209", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102415", "name" : "102415", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102415", "name" : "102415", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/43513/", "name" : "43513", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/43513/", "name" : "43513", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller which could allow an application or service to replace a HAL service with its own service. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-68217907." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13210", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102415", "name" : "102415", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102415", "name" : "102415", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In CameraDeviceClient::submitRequestList of CameraDeviceClient.cpp, there is an out-of-bounds write if metadataSize is too small. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67782345." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13211", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102415", "name" : "102415", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102415", "name" : "102415", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In bta_scan_results_cb_impl of btif_ble_scanner.cc, there is possible resource exhaustion if a large number of repeated BLE scan results are received. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0. Android ID: A-65174158." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13212", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An elevation of privilege vulnerability in the Android system (systemui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62187985." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13213", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An elevation of privilege vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: Android kernel. Android ID: A-63374465. References: B-V2017081501." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13214", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102416", "name" : "102416", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102416", "name" : "102416", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the hardware HEVC decoder, some media files could cause a page fault. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38495900." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13215", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102390", "name" : "102390", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102390", "name" : "102390", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:2384", "name" : "RHSA-2018:2384", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:2384", "name" : "RHSA-2018:2384", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:2395", "name" : "RHSA-2018:2395", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:2395", "name" : "RHSA-2018:2395", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2019:1170", "name" : "RHSA-2019:1170", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2019:1170", "name" : "RHSA-2019:1170", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2019:1190", "name" : "RHSA-2019:1190", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2019:1190", "name" : "RHSA-2019:1190", "refsource" : "", "tags" : [ ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13216", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102390", "name" : "102390", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102390", "name" : "102390", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/43464/", "name" : "43464", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/43464/", "name" : "43464", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-66954097." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13217", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102423", "name" : "102423", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102423", "name" : "102423", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In DisplayFtmItem in the bootloader, there is an out-of-bounds write due to reading a string without verifying that it's null-terminated. This could lead to a secure boot bypass and a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-68269077." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13218", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/102390", "name" : "102390", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102390", "name" : "102390", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.codeaurora.org/security-bulletin/2018/06/04/june-2018-code-aurora-security-bulletin", "name" : "https://www.codeaurora.org/security-bulletin/2018/06/04/june-2018-code-aurora-security-bulletin", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.codeaurora.org/security-bulletin/2018/06/04/june-2018-code-aurora-security-bulletin", "name" : "https://www.codeaurora.org/security-bulletin/2018/06/04/june-2018-code-aurora-security-bulletin", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Access to CNTVCT_EL0 in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear could be used for side channel attacks and this could lead to local information disclosure with no additional execution privileges needed in FSM9055, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA4531, QCA9980, QCN5502, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.7, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.0, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:C/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.7 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.4, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13219", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A denial of service vulnerability in the Upstream kernel synaptics touchscreen controller. Product: Android. Versions: Android kernel. Android ID: A-62800865." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13220", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-843" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1536155", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1536155", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1536155", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1536155", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1076537", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1076537", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1076537", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1076537", "refsource" : "", "tags" : [ ] }, { "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51bda2bca53b265715ca1852528f38dc67429d9a", "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51bda2bca53b265715ca1852528f38dc67429d9a", "refsource" : "", "tags" : [ ] }, { "url" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51bda2bca53b265715ca1852528f38dc67429d9a", "name" : "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=51bda2bca53b265715ca1852528f38dc67429d9a", "refsource" : "", "tags" : [ ] }, { "url" : "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13220.html", "name" : "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13220.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13220.html", "name" : "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13220.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2017-13220", "name" : "https://security-tracker.debian.org/tracker/CVE-2017-13220", "refsource" : "", "tags" : [ ] }, { "url" : "https://security-tracker.debian.org/tracker/CVE-2017-13220", "name" : "https://security-tracker.debian.org/tracker/CVE-2017-13220", "refsource" : "", "tags" : [ ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://usn.ubuntu.com/3655-1/", "name" : "USN-3655-1", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3655-1/", "name" : "USN-3655-1", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3655-2/", "name" : "USN-3655-2", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3655-2/", "name" : "USN-3655-2", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.debian.org/security/2018/dsa-4187", "name" : "DSA-4187", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.debian.org/security/2018/dsa-4187", "name" : "DSA-4187", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: Android kernel. Android ID: A-63527053." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13221", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An elevation of privilege vulnerability in the Upstream kernel wifi driver. Product: Android. Versions: Android kernel. Android ID: A-64709938." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13222", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An information disclosure vulnerability in the Upstream kernel kernel. Product: Android. Versions: Android kernel. Android ID: A-38159576." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13225", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102420", "name" : "102420", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102420", "name" : "102420", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In libMtkOmxVdec.so there is a possible heap buffer overflow. This could lead to a remote elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38308024. References: M-ALPS03495789." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13226", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An elevation of privilege vulnerability in the MediaTek mtk. Product: Android. Versions: Android kernel. Android ID: A-32591194. References: M-ALPS03149184." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T23:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13227", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/2018-06-01", "name" : "https://source.android.com/security/bulletin/2018-06-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the autofill service, the package name that is provided by the app process is trusted inappropriately.  This could lead to information disclosure with no additional execution privileges needed.  User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-11-14T23:15Z", "lastModifiedDate" : "2024-11-20T17:35Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13228", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102976", "name" : "102976", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102976", "name" : "102976", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-02-01", "name" : "https://source.android.com/security/bulletin/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-02-01", "name" : "https://source.android.com/security/bulletin/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In function ih264d_ref_idx_reordering of libavc, there is an out-of-bounds write due to modCount being defined as an unsigned character. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69478425." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-12T19:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13229", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103016", "name" : "103016", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103016", "name" : "103016", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A remote code execution vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-68160703." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-12T19:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13230", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102976", "name" : "102976", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102976", "name" : "102976", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-02-01", "name" : "https://source.android.com/security/bulletin/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-02-01", "name" : "https://source.android.com/security/bulletin/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In hevc codec, there is an out-of-bounds write due to an incorrect bounds check with the i2_pic_width_in_luma_samples value. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-65483665." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-12T19:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13231", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102976", "name" : "102976", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102976", "name" : "102976", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-02-01", "name" : "https://source.android.com/security/bulletin/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-02-01", "name" : "https://source.android.com/security/bulletin/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In libmediadrm, there is an out-of-bounds write due to improper input validation. This could lead to local elevation of privileges with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-67962232." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-12T19:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13232", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" }, { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102976", "name" : "102976", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102976", "name" : "102976", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-02-01", "name" : "https://source.android.com/security/bulletin/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-02-01", "name" : "https://source.android.com/security/bulletin/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In audioserver, there is an out-of-bounds write due to a log statement using %s with an array that may not be NULL terminated. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68953950." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-12T19:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13233", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102976", "name" : "102976", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102976", "name" : "102976", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-02-01", "name" : "https://source.android.com/security/bulletin/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-02-01", "name" : "https://source.android.com/security/bulletin/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In ihevcd_ctb_boundary_strength_pbslice of libhevc, there is possible resource exhaustion. This could lead to a remote temporary denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-62851602." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.1 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-12T19:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13234", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-772" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102976", "name" : "102976", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102976", "name" : "102976", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-02-01", "name" : "https://source.android.com/security/bulletin/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-02-01", "name" : "https://source.android.com/security/bulletin/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In DLSParser of the sonivox library, there is possible resource exhaustion due to a memory leak. This could lead to remote temporary denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68159767." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.1 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-12T19:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13235", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A other vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-68342866." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-12T19:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13236", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-732" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102979", "name" : "102979", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102979", "name" : "102979", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-02-01", "name" : "https://source.android.com/security/bulletin/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-02-01", "name" : "https://source.android.com/security/bulletin/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/43996/", "name" : "43996", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/43996/", "name" : "43996", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the KeyStore service, there is a permissions bypass that allows access to protected resources. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-68217699." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-12T19:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13238", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103024", "name" : "103024", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103024", "name" : "103024", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-02-01", "name" : "https://source.android.com/security/bulletin/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-02-01", "name" : "https://source.android.com/security/bulletin/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In XBLRamDump mode, there is a debug feature that can be used to dump memory contents, if an attacker has physical access to the device. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-64610940." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "PHYSICAL", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.2, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.5, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:C/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.7 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.4, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-12T19:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13239", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103012", "name" : "103012", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://www.securityfocus.com/bid/103012", "name" : "103012", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A information disclosure vulnerability in the Android framework (ui framework). Product: Android. Versions: 8.0. ID: A-66244132." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-12T19:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13240", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103011", "name" : "103011", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103011", "name" : "103011", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A information disclosure vulnerability in the Android framework (crypto framework). Product: Android. Versions: 8.0, 8.1. ID: A-68694819." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-12T19:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13241", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103017", "name" : "103017", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103017", "name" : "103017", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A information disclosure vulnerability in the Android media framework (libstagefright_soft_avcenc). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-69065651." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-12T19:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13242", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103014", "name" : "103014", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103014", "name" : "103014", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-62672248." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-12T19:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13243", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103013", "name" : "103013", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103013", "name" : "103013", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A information disclosure vulnerability in the Android system (ui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. ID: A-38258991." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-12T19:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13244", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103008", "name" : "103008", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103008", "name" : "103008", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A elevation of privilege vulnerability in the Upstream kernel easel. Product: Android. Versions: Android kernel. ID: A-62678986." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-12T19:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13245", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103008", "name" : "103008", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103008", "name" : "103008", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A elevation of privilege vulnerability in the Upstream kernel audio driver. Product: Android. Versions: Android kernel. ID: A-64315347." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-12T19:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13246", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103029", "name" : "103029", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103029", "name" : "103029", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A information disclosure vulnerability in the Upstream kernel network driver. Product: Android. Versions: Android kernel. ID: A-36279469." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-12T19:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13247", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103027", "name" : "103027", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103027", "name" : "103027", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-02-01", "name" : "https://source.android.com/security/bulletin/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-02-01", "name" : "https://source.android.com/security/bulletin/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the Pixel 2 bootloader, there is a missing permission check which bypasses carrier bootloader lock. This could lead to local elevation of privileges with user execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-71486645." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-12T19:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13248", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103255", "name" : "103255", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103255", "name" : "103255", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In impeg2_idct_recon_sse42() of impeg2_idct_recon_sse42_intr.c, there is an out of bound write due to a missing bounds check. This could lead to an remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70349612." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-04T17:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13249", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103255", "name" : "103255", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103255", "name" : "103255", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In impeg2d_api_set_display_frame of impeg2d_api_main.c, there is an out of bound write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70399408." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-04T17:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13250", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103255", "name" : "103255", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103255", "name" : "103255", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In ih264d_fmt_conv_420sp_to_420p of ih264d_utils.c, there is an out of bound write due to a missing out of bounds check because of a multiplication error. This could lead to an remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71375536." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-04T17:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13251", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103255", "name" : "103255", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103255", "name" : "103255", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In impeg2d_dec_pic_data_thread of impeg2d_dec_hdr.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when running multi threaded with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69269702." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-04T17:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13252", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103255", "name" : "103255", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103255", "name" : "103255", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In CryptoHal::decrypt of CryptoHal.cpp, there is an out of bounds write due to improper input validation that results in a read from uninitialized memory. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-70526702." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-04T17:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13253", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103255", "name" : "103255", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103255", "name" : "103255", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/44291/", "name" : "44291", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/44291/", "name" : "44291", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-71389378." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-04T17:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13254", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A other vulnerability in the Android media framework (AACExtractor). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70239507." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T17:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13255", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103253", "name" : "103253", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103253", "name" : "103253", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In process_service_attr_req of sdp_server.c, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68776054." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:A/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "ADJACENT_NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 8.3 }, "severity" : "HIGH", "exploitabilityScore" : 6.5, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T17:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13256", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103253", "name" : "103253", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103253", "name" : "103253", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68817966." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:A/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "ADJACENT_NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 8.3 }, "severity" : "HIGH", "exploitabilityScore" : 6.5, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T17:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13257", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103253", "name" : "103253", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103253", "name" : "103253", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In bta_pan_data_buf_ind_cback of bta_pan_act.cc there is a use after free that can result in an out of bounds read of memory allocated via malloc. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67110692." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-04T17:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13258", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103253", "name" : "103253", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103253", "name" : "103253", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/44326/", "name" : "44326", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/44326/", "name" : "44326", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/44327/", "name" : "44327", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/44327/", "name" : "44327", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67863755." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T17:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13259", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103253", "name" : "103253", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103253", "name" : "103253", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In functionality implemented in sdp_discovery.cc, there are possible out of bounds reads due to missing bounds checks. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68161546." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T17:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13260", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103253", "name" : "103253", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103253", "name" : "103253", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/44326/", "name" : "44326", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/44326/", "name" : "44326", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/44327/", "name" : "44327", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/44327/", "name" : "44327", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177251." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T17:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13261", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103253", "name" : "103253", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103253", "name" : "103253", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/44326/", "name" : "44326", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/44326/", "name" : "44326", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/44327/", "name" : "44327", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/44327/", "name" : "44327", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In bnep_process_control_packet of bnep_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177292." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T17:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13262", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103253", "name" : "103253", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103253", "name" : "103253", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/44326/", "name" : "44326", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/44326/", "name" : "44326", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/44327/", "name" : "44327", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/44327/", "name" : "44327", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing length decrement operation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69271284." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:A/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "ADJACENT_NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 3.3 }, "severity" : "LOW", "exploitabilityScore" : 6.5, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T17:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13263", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 8.0, 8.1. Android ID: A-69383160." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 7.3, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T17:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13264", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A other vulnerability in the Android media framework (Avcdec). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70294343." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T17:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13265", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A elevation of privilege vulnerability in the Android system (OTA updates). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-36232423." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 7.3, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T17:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13266", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103253", "name" : "103253", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103253", "name" : "103253", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69478941." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T17:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13267", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69479009." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13268", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67058064." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:A/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "ADJACENT_NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 3.3 }, "severity" : "LOW", "exploitabilityScore" : 6.5, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T17:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13269", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68818034." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:A/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "ADJACENT_NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 3.3 }, "severity" : "LOW", "exploitabilityScore" : 6.5, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T17:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13270", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-69474744." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 7.3, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T17:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13271", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A elevation of privilege vulnerability in the upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-69006799." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 7.3, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T17:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13272", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103253", "name" : "103253", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103253", "name" : "103253", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In alarm_ready_generic of alarm.cc, there is a possible out of bounds write due to a use after free. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67110137." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T17:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13273", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/2018-02-01", "name" : "https://source.android.com/security/bulletin/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-02-01", "name" : "https://source.android.com/security/bulletin/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In xt_qtaguid.c, there is a race condition due to insufficient locking. This could lead to local elevation of privileges with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-65853158." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.0, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.0, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 6.9 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.4, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T02:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13274", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-346" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71360761." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13275", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In getVSCoverage of CmapCoverage.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-70808908." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 1.9 }, "severity" : "LOW", "exploitabilityScore" : 3.4, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-04T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13276", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In CProgramConfig_ReadHeightExt of tpdec_asc.cpp, there is a possible stack buffer overflow due to a missing bounds check. This could lead to a remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70637599." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-04T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13277", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In ihevcd_fmt_conv of ihevcd_fmt_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-72165027." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-04T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13278", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In MediaPlayerService::Client::notify of MediaPlayerService.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70546581." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13279", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-834" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In M3UParser::parse of M3UParser.cpp, there is a memory resource exhaustion due to a large loop of pushing items into a vector. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68399439." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-04T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13280", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the FrameSequence_gif::FrameSequence_gif function of libframesequence, there is a out of bounds read due to a missing bounds check. This could lead to a remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71361451." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13281", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible stack buffer overflow due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-71603262." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13282", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603315." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13283", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/105482", "name" : "105482", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/105482", "name" : "105482", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In avrc_ctrl_pars_vendor_rsp of bluetooth avrcp_ctrl, there is a possible out of bounds write on the stack due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603410." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13284", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In config_set_string of config.cc, it is possible to pair a second BT keyboard without user approval due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70808273." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13285", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In SvoxSsmlParser and startElement of svox_ssml_parser.cpp, there is a possible out of bounds write due to an uninitialized buffer. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177126." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13286", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-502" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In writeToParcel and readFromParcel of OutputConfiguration.java, there is a permission bypass due to mismatched serialization. This could lead to a local escalation of privilege where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-69683251." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13287", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In createFromParcel of VerifyCredentialResponse.java, there is a possible invalid parcel read due to improper input validation. This could lead to local escalation of privilege if mPayload in writeToParcel were null, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71714464." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13288", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-682" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In writeToParcel and readFromParcel of PeriodicAdvertisingReport.java, there is a permission bypass due to a 64/32bit int mismatch. This could lead to a local escalation of privilege where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-69634768." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13289", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-131" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In writeToParcel and createFromParcel of RttManager.java, there is a permission bypass due to a write size mismatch. This could lead to a local escalation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70398564." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1329", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201", "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201", "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10716201", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126231", "name" : "ibm-rqm-cve20171329-html-injection(126231)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126231", "name" : "ibm-rqm-cve20171329-html-injection(126231)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 126231." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.0", "versionEndIncluding" : "5.0.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0", "versionEndIncluding" : "6.0.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.0.0", "versionEndIncluding" : "6.0.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-07-06T14:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13290", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In sdp_server_handle_client_req of sdp_server.cc, there is an out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69384124." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.2, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.5, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13291", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible NULL pointer dereference due to missing bounds checks. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71603553." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13292", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In wl_get_assoc_ies of wl_cfg80211.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-70722061. References: B-V2018010201." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13293", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-04-01", "name" : "https://source.android.com/security/bulletin/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the nfc_hci_cmd_received() function of core.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-62679701." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13294", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A information disclosure vulnerability in the Android framework (aosp email application). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71814449." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13295", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A denial of service vulnerability in the Android framework (package installer). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-62537081." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "LOW", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13296", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897454." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13297", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71766721." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13298", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A information disclosure vulnerability in the Android media framework (libhavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-72117051." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13299", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A other vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897394." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13300", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1. Android ID: A-71567394." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13301", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A denial of service vulnerability in the Android system (system ui). Product: Android. Versions: 8.0. Android ID: A-66498711." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13302", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A denial of service vulnerability in the Android system (system ui). Product: Android. Versions: 8.0. Android ID: A-69969749." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13303", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A information disclosure vulnerability in the Broadcom bcmdhd driver. Product: Android. Versions: Android kernel. Android ID: A-71359108. References: B-V2018010501." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13304", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A information disclosure vulnerability in the Upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-70576999." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13305", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2018:2165", "name" : "RHSA-2018:2165", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:2165", "name" : "RHSA-2018:2165", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html", "name" : "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html", "name" : "[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html", "name" : "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html", "name" : "[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://usn.ubuntu.com/3631-1/", "name" : "USN-3631-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3631-1/", "name" : "USN-3631-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3631-2/", "name" : "USN-3631-2", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3631-2/", "name" : "USN-3631-2", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3655-1/", "name" : "USN-3655-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3655-1/", "name" : "USN-3655-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3655-2/", "name" : "USN-3655-2", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3655-2/", "name" : "USN-3655-2", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 3.6 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 4.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13306", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A elevation of privilege vulnerability in the Upstream kernel mnh driver. Product: Android. Versions: Android kernel. Android ID: A-70295063." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 7.3, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13307", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A elevation of privilege vulnerability in the Upstream kernel pci sysfs. Product: Android. Versions: Android kernel. Android ID: A-69128924." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 7.3, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-04T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13308", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-120" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-06-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-06-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In tscpu_write_GPIO_out and mtkts_Abts_write of mtk_ts_Abts.c, there is a possible buffer overflow in an sscanf due to improper input validation. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 6.7, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-12-05T22:15Z", "lastModifiedDate" : "2024-12-19T16:54Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13309", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/2018-05-01", "name" : "https://source.android.com/security/bulletin/2018-05-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In readEncryptedData of ConscryptEngine.java, there is a possible plaintext leak due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-11-15T21:15Z", "lastModifiedDate" : "2024-12-17T20:31Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13310", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-276" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/2018-05-01", "name" : "https://source.android.com/security/bulletin/2018-05-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In createFromParcel of ViewPager.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-11-15T22:15Z", "lastModifiedDate" : "2024-12-17T20:29Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13311", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/2018-05-01", "name" : "https://source.android.com/security/bulletin/2018-05-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the read() function of ProcessStats.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 6.7, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-11-15T22:15Z", "lastModifiedDate" : "2024-12-18T15:00Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13312", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/2018-05-01", "name" : "https://source.android.com/security/bulletin/2018-05-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In createFromParcel of MediaCas.java, there is a possible parcel read/write mismatch due to improper input validation. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-11-15T22:15Z", "lastModifiedDate" : "2024-12-18T14:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13313", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-835" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/2018-05-01", "name" : "https://source.android.com/security/bulletin/2018-05-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In ElementaryStreamQueue::dequeueAccessUnitMPEG4Video of ESQueue.cpp, there is a possible infinite loop leading to resource exhaustion due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-11-15T22:15Z", "lastModifiedDate" : "2024-12-18T14:44Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13314", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/2018-05-01", "name" : "https://source.android.com/security/bulletin/2018-05-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In setAllowOnlyVpnForUids of NetworkManagementService.java, there is a possible security settings bypass due to a missing permission check. This could lead to local escalation of privilege allowing users to access non-VPN networks, when they are supposed to be restricted to the VPN networks, with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-11-15T22:15Z", "lastModifiedDate" : "2024-12-18T14:36Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13315", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-131" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/2018-05-01", "name" : "https://source.android.com/security/bulletin/2018-05-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In writeToParcel and createFromParcel of DcParamObject.java, there is a permission bypass due to a write size mismatch. This could lead to an elevation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-11-19T18:15Z", "lastModifiedDate" : "2024-12-18T14:23Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13316", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-862" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-05-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-05-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In checkPermissions of RecognitionService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-11-27T20:15Z", "lastModifiedDate" : "2024-12-18T19:49Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13317", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-05-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-05-01", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In HeifDecoderImpl::getScanline of HeifDecoderImpl.cpp, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-01-28T17:15Z", "lastModifiedDate" : "2025-01-28T20:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13318", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-05-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-05-01", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In HeifDataSource::readAt of HeifDecoderImpl.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2025-01-28T17:15Z", "lastModifiedDate" : "2025-01-28T20:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13319", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-120" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/docs/security/bulletin/pixel/2018-05-01", "name" : "https://source.android.com/docs/security/bulletin/pixel/2018-05-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In pvmp3_get_main_data_size of pvmp3_get_main_data_size.cpp, there is a possible buffer overread due to a missing bounds check. This could lead to remote information disclosure of global static variables with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 } }, "publishedDate" : "2024-11-27T20:15Z", "lastModifiedDate" : "2024-12-18T20:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13320", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/docs/security/bulletin/pixel/2018-05-01", "name" : "https://source.android.com/docs/security/bulletin/pixel/2018-05-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In impeg2d_bit_stream_flush() of libmpeg2dec there is a possible OOB read due to a missing bounds check. This could lead to Remote DoS with no additional execution privileges needed. User interaction is needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-11-27T22:15Z", "lastModifiedDate" : "2024-12-18T20:30Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13321", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/docs/security/bulletin/pixel/2018-05-01", "name" : "https://source.android.com/docs/security/bulletin/pixel/2018-05-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In SensorService::isDataInjectionEnabled of frameworks/native/services/sensorservice/SensorService.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2024-11-27T22:15Z", "lastModifiedDate" : "2024-12-18T20:32Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13322", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-05-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-05-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In endCallForSubscriber of PhoneInterfaceManager.java, there is a possible way to prevent access to emergency services due to a logic error in the code. This could lead to a local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 } }, "publishedDate" : "2025-01-17T23:15Z", "lastModifiedDate" : "2025-03-13T14:15Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13323", "ASSIGNER" : "security@android.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/docs/security/bulletin/pixel/2018-05-01", "name" : "https://source.android.com/docs/security/bulletin/pixel/2018-05-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In String16 of String16.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 } }, "publishedDate" : "2024-11-27T22:15Z", "lastModifiedDate" : "2024-12-18T20:33Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1350", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22005503", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22005503", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22005503", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22005503", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/104550", "name" : "104550", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/104550", "name" : "104550", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1041042", "name" : "1041042", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1041042", "name" : "1041042", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126526", "name" : "ibm-infosphere-cve20171350-priv-escalation(126526)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126526", "name" : "ibm-infosphere-cve20171350-priv-escalation(126526)", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 could allow a user to escalate their privileges to administrator due to improper access controls. IBM X-Force ID: 126526." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:infosphere_information_server:9.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:infosphere_information_server:11.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:infosphere_information_server:11.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-06-05T15:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13651", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-05-08T15:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13652", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://security.netapp.com/advisory/ntap-20180731-0001/", "name" : "https://security.netapp.com/advisory/ntap-20180731-0001/", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://security.netapp.com/advisory/ntap-20180731-0001/", "name" : "https://security.netapp.com/advisory/ntap-20180731-0001/", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "NetApp OnCommand Insight version 7.3.0 and versions prior to 7.2.0 are susceptible to clickjacking attacks which could cause a user to perform an unintended action in the user interface." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netapp:oncommand_insight:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7.2.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netapp:oncommand_insight:7.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-07-31T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13653", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-05-08T16:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13654", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-05-08T16:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13655", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-05-08T15:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13656", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-05-08T15:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13657", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-05-08T15:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1366", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-326" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22016869", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22016869", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22016869", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22016869", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126859", "name" : "ibm-sig-cve20171366-info-disc(126859)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126859", "name" : "ibm-sig-cve20171366-info-disc(126859)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 126859." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-06T14:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13667", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-918" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://ox.com", "name" : "http://ox.com", "refsource" : "", "tags" : [ "Broken Link", "Not Applicable" ] }, { "url" : "http://ox.com", "name" : "http://ox.com", "refsource" : "", "tags" : [ "Broken Link", "Not Applicable" ] }, { "url" : "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html", "name" : "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html", "name" : "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "versionEndIncluding" : "7.8.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.9, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.1, "impactScore" : 6.0 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-05-23T18:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13668", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://ox.com", "name" : "http://ox.com", "refsource" : "", "tags" : [ "Broken Link", "Not Applicable" ] }, { "url" : "http://ox.com", "name" : "http://ox.com", "refsource" : "", "tags" : [ "Broken Link", "Not Applicable" ] }, { "url" : "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html", "name" : "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html", "name" : "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "versionEndIncluding" : "7.8.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-05-23T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1367", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22016869", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22016869", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22016869", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22016869", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126860", "name" : "ibm-sig-cve20171367-info-disc(126860)", "refsource" : "", "tags" : [ "Not Applicable", "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126860", "name" : "ibm-sig-cve20171367-info-disc(126860)", "refsource" : "", "tags" : [ "Not Applicable", "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Security Identity Governance and Intelligence Virtual Appliance 5.2 through 5.2.3.2 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 126860." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.2.0", "versionEndIncluding" : "5.2.3.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-13T16:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13677", "ASSIGNER" : "secure@symantec.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103685", "name" : "103685", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103685", "name" : "103685", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040757", "name" : "1040757", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040757", "name" : "1040757", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.symantec.com/security-center/network-protection-security-advisories/SA162", "name" : "https://www.symantec.com/security-center/network-protection-security-advisories/SA162", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.symantec.com/security-center/network-protection-security-advisories/SA162", "name" : "https://www.symantec.com/security-center/network-protection-security-advisories/SA162", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.7", "versionEndExcluding" : "6.7.3.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.6", "versionEndExcluding" : "6.6.5.14", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.6", "versionEndExcluding" : "6.6.5.14", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.5", "versionEndExcluding" : "6.5.10.8", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.7", "versionEndExcluding" : "6.7.3.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-11T14:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13678", "ASSIGNER" : "secure@symantec.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103685", "name" : "103685", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103685", "name" : "103685", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040757", "name" : "1040757", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040757", "name" : "1040757", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.symantec.com/security-center/network-protection-security-advisories/SA162", "name" : "https://www.symantec.com/security-center/network-protection-security-advisories/SA162", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.symantec.com/security-center/network-protection-security-advisories/SA162", "name" : "https://www.symantec.com/security-center/network-protection-security-advisories/SA162", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code in the management console web client application." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.6", "versionEndExcluding" : "6.6.5.14", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.7.4", "versionEndExcluding" : "6.7.4.107", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.7.3", "versionEndExcluding" : "6.7.3.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.7.4", "versionEndExcluding" : "6.7.4.107", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.7.3", "versionEndExcluding" : "6.7.3.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.6", "versionEndExcluding" : "6.6.5.14", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.5", "versionEndExcluding" : "6.5.10.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-11T14:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1368", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-384" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22016869", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22016869", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22016869", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22016869", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126861", "name" : "ibm-sig-cve20171368-info-disc(126861)", "refsource" : "", "tags" : [ "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/126861", "name" : "ibm-sig-cve20171368-info-disc(126861)", "refsource" : "", "tags" : [ "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 126861." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-08-06T14:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13696", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.exploit-db.com/exploits/42557", "name" : "42557", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/42557", "name" : "42557", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/42558/", "name" : "42558", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/42558/", "name" : "42558", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/42559/", "name" : "42559", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/42559/", "name" : "42559", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/42560/", "name" : "42560", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/42560/", "name" : "42560", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.rapid7.com/db/modules/exploit/windows/http/disk_pulse_enterprise_get", "name" : "https://www.rapid7.com/db/modules/exploit/windows/http/disk_pulse_enterprise_get", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.rapid7.com/db/modules/exploit/windows/http/disk_pulse_enterprise_get", "name" : "https://www.rapid7.com/db/modules/exploit/windows/http/disk_pulse_enterprise_get", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A buffer overflow vulnerability lies in the web server component of Dup Scout Enterprise 9.9.14, Disk Savvy Enterprise 9.9.14, Sync Breeze Enterprise 9.9.16, and Disk Pulse Enterprise 9.9.16 where an attacker can craft a malicious GET request and exploit the web server component. Successful exploitation of the software will allow an attacker to gain complete access to the system with NT AUTHORITY / SYSTEM level privileges. The vulnerability lies due to improper handling and sanitization of the incoming request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:flexense:dupscout:9.9.14:*:*:*:enterprise:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:flexense:disksavvy:9.9.14:*:*:*:enterprise:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:flexense:syncbreeze:9.9.16:*:*:*:enterprise:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:flexense:diskpulse:9.9.16:*:*:*:enterprise:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-24T15:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13717", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-255" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/153240/Starry-Router-Camera-PIN-Brute-Force-CORS-Incorrect.html", "name" : "http://packetstormsecurity.com/files/153240/Starry-Router-Camera-PIN-Brute-Force-CORS-Incorrect.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/153240/Starry-Router-Camera-PIN-Brute-Force-CORS-Incorrect.html", "name" : "http://packetstormsecurity.com/files/153240/Starry-Router-Camera-PIN-Brute-Force-CORS-Incorrect.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Starry_sec_issues.pdf", "name" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Starry_sec_issues.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Starry_sec_issues.pdf", "name" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Starry_sec_issues.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2019/Jun/8", "name" : "20190609 Newly releases IoT security issues", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2019/Jun/8", "name" : "20190609 Newly releases IoT security issues", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Starry Station (aka Starry Router) sets the Access-Control-Allow-Origin header to \"*\". This allows any hosted file on any domain to make calls to the device's webserver and brute force the credentials and pull any information that is stored on the device. In this case, a user's Wi-Fi credentials are stored in clear text on the device and can be pulled easily." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:starry:s00111_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:starry:s00111:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-06-10T22:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13718", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-254" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/153240/Starry-Router-Camera-PIN-Brute-Force-CORS-Incorrect.html", "name" : "http://packetstormsecurity.com/files/153240/Starry-Router-Camera-PIN-Brute-Force-CORS-Incorrect.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/153240/Starry-Router-Camera-PIN-Brute-Force-CORS-Incorrect.html", "name" : "http://packetstormsecurity.com/files/153240/Starry-Router-Camera-PIN-Brute-Force-CORS-Incorrect.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Starry_sec_issues.pdf", "name" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Starry_sec_issues.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Starry_sec_issues.pdf", "name" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Starry_sec_issues.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2019/Jun/8", "name" : "20190609 Newly releases IoT security issues", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2019/Jun/8", "name" : "20190609 Newly releases IoT security issues", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The HTTP API supported by Starry Station (aka Starry Router) allows brute forcing the PIN setup by the user on the device, and this allows an attacker to change the Wi-Fi settings and PIN, as well as port forward and expose any internal device's port to the Internet. It was identified that the device uses custom Python code called \"rodman\" that allows the mobile appication to interact with the device. The APIs that are a part of this rodman Python file allow the mobile application to interact with the device using a secret, which is a uuid4 based session identifier generated by the device the first time it is set up. However, in some cases, these APIs can also use a security code. This security code is nothing but the PIN number set by the user to interact with the device when using the touch interface on the router. This allows an attacker on the Internet to interact with the router's HTTP interface when a user navigates to the attacker's website, and brute force the credentials. Also, since the device's server sets the Access-Control-Allow-Origin header to \"*\", an attacker can easily interact with the JSON payload returned by the device and steal sensitive information about the device." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:starry:s00111_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:starry:s00111:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.0, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.1, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 6.8, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-06-10T22:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13719", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/153224/Amcrest-IPM-721S-Credential-Disclosure-Privilege-Escalation.html", "name" : "http://packetstormsecurity.com/files/153224/Amcrest-IPM-721S-Credential-Disclosure-Privilege-Escalation.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/153224/Amcrest-IPM-721S-Credential-Disclosure-Privilege-Escalation.html", "name" : "http://packetstormsecurity.com/files/153224/Amcrest-IPM-721S-Credential-Disclosure-Privilege-Escalation.html", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Amcrest_sec_issues.pdf", "name" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Amcrest_sec_issues.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Amcrest_sec_issues.pdf", "name" : "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Amcrest_sec_issues.pdf", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2019/Jun/8", "name" : "20190609 Newly releases IoT security issues", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://seclists.org/bugtraq/2019/Jun/8", "name" : "20190609 Newly releases IoT security issues", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Amcrest IPM-721S Amcrest_IPC-AWXX_Eng_N_V2.420.AC00.17.R.20170322 allows HTTP requests that permit enabling various functionalities of the camera by using HTTP APIs, instead of the web management interface that is provided by the application. This HTTP API receives the credentials as base64 encoded in the Authorization HTTP header. However, a missing length check in the code allows an attacker to send a string of 1024 characters in the password field, and allows an attacker to exploit a memory corruption issue. This can allow an attacker to circumvent the account protection mechanism and brute force the credentials. If the firmware version Amcrest_IPC-AWXX_Eng_N_V2.420.AC00.17.R.20170322 is dissected using the binwalk tool, one obtains a _user-x.squashfs.img.extracted archive which contains the filesystem set up on the device that has many of the binaries in the /usr folder. The binary \"sonia\" is the one that has the vulnerable function that performs the credential check in the binary for the HTTP API specification. If we open this binary in IDA Pro we will notice that this follows an ARM little-endian format. The function at address 00415364 in IDA Pro starts the HTTP authentication process. This function calls another function at sub_ 0042CCA0 at address 0041549C. This function performs a strchr operation after base64 decoding the credentials, and stores the result on the stack, which results in a stack-based buffer overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:amcrest:ipm-721s_firmware:amcrest_ipc-awxx_eng_n_v2.420.ac00.17.r.20170322:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:amcrest:ipm-721s:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-07-03T20:15Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13753", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-9396. Reason: This candidate is a duplicate of CVE-2016-9396. Notes: All CVE users should reference CVE-2016-9396 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-08-29T06:29Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13806", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.apple.com/HT208112", "name" : "https://support.apple.com/HT208112", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208112", "name" : "https://support.apple.com/HT208112", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the \"Profiles\" component. It does not enforce the configuration profile's settings for whether pairings are allowed." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding" : "11.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-03T06:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13826", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-10140. Reason: This candidate is a reservation duplicate of CVE-2017-10140. Notes: All CVE users should reference CVE-2017-10140 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-11-13T03:29Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13827", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.apple.com/HT208144", "name" : "https://support.apple.com/HT208144", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208144", "name" : "https://support.apple.com/HT208144", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the \"kext tools\" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that performs kext loading." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-03T06:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13835", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.apple.com/en-us/HT208144", "name" : "https://support.apple.com/en-us/HT208144", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/en-us/HT208144", "name" : "https://support.apple.com/en-us/HT208144", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS High Sierra 10.13. An application may be able to execute arbitrary code with elevated privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionEndExcluding" : "10.13", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2021-12-23T20:15Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13837", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.apple.com/HT208144", "name" : "https://support.apple.com/HT208144", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208144", "name" : "https://support.apple.com/HT208144", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the \"Installer\" component. It does not properly restrict an app's entitlements for accessing the FileVault unlock key." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-03T06:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13839", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.apple.com/HT208144", "name" : "https://support.apple.com/HT208144", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208144", "name" : "https://support.apple.com/HT208144", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the \"Spotlight\" component. It allows local users to see results for other users' files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-03T06:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13850", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.apple.com/HT207922", "name" : "https://support.apple.com/HT207922", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT207922", "name" : "https://support.apple.com/HT207922", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the \"Font Importer\" component. It allows remote attackers to cause a denial of service (memory corruption) or obtain sensitive information from process memory via a crafted font." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionEndExcluding" : "10.12.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-03T06:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13851", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.apple.com/HT208144", "name" : "https://support.apple.com/HT208144", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208144", "name" : "https://support.apple.com/HT208144", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the \"DesktopServices\" component. It allows local users to bypass intended access restrictions on home folder files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-03T06:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13853", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.apple.com/HT207922", "name" : "https://support.apple.com/HT207922", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT207922", "name" : "https://support.apple.com/HT207922", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the \"AppleGraphicsControl\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionEndExcluding" : "10.12.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-03T06:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13854", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.apple.com/HT208112", "name" : "https://support.apple.com/HT208112", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208112", "name" : "https://support.apple.com/HT208112", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208113", "name" : "https://support.apple.com/HT208113", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208113", "name" : "https://support.apple.com/HT208113", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208115", "name" : "https://support.apple.com/HT208115", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208115", "name" : "https://support.apple.com/HT208115", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208144", "name" : "https://support.apple.com/HT208144", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208144", "name" : "https://support.apple.com/HT208144", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding" : "11.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionEndExcluding" : "10.13.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "versionEndExcluding" : "11.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-03T06:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13863", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-295" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.apple.com/HT208112", "name" : "https://support.apple.com/HT208112", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208112", "name" : "https://support.apple.com/HT208112", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the \"APNs\" component. It allows man-in-the-middle attackers to track users by leveraging the transmission of client certificates." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding" : "11.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-03T06:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13873", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.apple.com/HT208112", "name" : "https://support.apple.com/HT208112", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208112", "name" : "https://support.apple.com/HT208112", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208113", "name" : "https://support.apple.com/HT208113", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208113", "name" : "https://support.apple.com/HT208113", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208115", "name" : "https://support.apple.com/HT208115", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208115", "name" : "https://support.apple.com/HT208115", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208144", "name" : "https://support.apple.com/HT208144", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208144", "name" : "https://support.apple.com/HT208144", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the \"Kernel\" component. It allows attackers to obtain sensitive network-activity information about arbitrary apps via a crafted app." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionEndExcluding" : "10.13", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding" : "11.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "versionEndExcluding" : "11.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-03T06:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13877", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.apple.com/HT208112", "name" : "https://support.apple.com/HT208112", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208112", "name" : "https://support.apple.com/HT208112", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the \"Sandbox Profiles\" component. It allows attackers to determine whether arbitrary files exist via a crafted app." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding" : "11.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 3.3, "baseSeverity" : "LOW" }, "exploitabilityScore" : 1.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-03T06:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13880", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.apple.com/en-us/HT208325", "name" : "https://support.apple.com/en-us/HT208325", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/en-us/HT208325", "name" : "https://support.apple.com/en-us/HT208325", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/en-us/HT208334", "name" : "https://support.apple.com/en-us/HT208334", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/en-us/HT208334", "name" : "https://support.apple.com/en-us/HT208334", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 11.2, watchOS 4.2. An application may be able to execute arbitrary code with kernel privilege." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding" : "11.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2021-12-23T20:15Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13884", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.apple.com/HT208324", "name" : "https://support.apple.com/HT208324", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208324", "name" : "https://support.apple.com/HT208324", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208325", "name" : "https://support.apple.com/HT208325", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208325", "name" : "https://support.apple.com/HT208325", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208326", "name" : "https://support.apple.com/HT208326", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208326", "name" : "https://support.apple.com/HT208326", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208327", "name" : "https://support.apple.com/HT208327", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208327", "name" : "https://support.apple.com/HT208327", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208328", "name" : "https://support.apple.com/HT208328", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208328", "name" : "https://support.apple.com/HT208328", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208334", "name" : "https://support.apple.com/HT208334", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208334", "name" : "https://support.apple.com/HT208334", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://usn.ubuntu.com/3551-1/", "name" : "USN-3551-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3551-1/", "name" : "USN-3551-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding" : "11.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "versionEndExcluding" : "11.0.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "versionEndExcluding" : "11.2", "cpe_name" : [ ] } ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*", "versionEndExcluding" : "12.7.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-03T06:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13885", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.apple.com/HT208324", "name" : "https://support.apple.com/HT208324", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208324", "name" : "https://support.apple.com/HT208324", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208326", "name" : "https://support.apple.com/HT208326", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208326", "name" : "https://support.apple.com/HT208326", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208327", "name" : "https://support.apple.com/HT208327", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208327", "name" : "https://support.apple.com/HT208327", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208328", "name" : "https://support.apple.com/HT208328", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208328", "name" : "https://support.apple.com/HT208328", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208334", "name" : "https://support.apple.com/HT208334", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208334", "name" : "https://support.apple.com/HT208334", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://usn.ubuntu.com/3551-1/", "name" : "USN-3551-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3551-1/", "name" : "USN-3551-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. tvOS before 11.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding" : "11.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*", "versionEndExcluding" : "11.0.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "versionEndExcluding" : "11.2", "cpe_name" : [ ] } ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:icloud:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*", "versionEndExcluding" : "12.7.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-03T06:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13886", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.apple.com/HT208331", "name" : "https://support.apple.com/HT208331", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208331", "name" : "https://support.apple.com/HT208331", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In macOS High Sierra before 10.13.2, an access issue existed with privileged WiFi system configuration. This issue was addressed with additional restrictions." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionEndExcluding" : "10.13.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-01-11T18:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13887", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-320" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.apple.com/HT208331", "name" : "https://support.apple.com/HT208331", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208331", "name" : "https://support.apple.com/HT208331", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In macOS High Sierra before 10.13.2, a logic issue existed in APFS when deleting keys during hibernation. This was addressed with improved state management." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionEndExcluding" : "10.13.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-01-11T18:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13888", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-704" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.apple.com/HT208334", "name" : "https://support.apple.com/HT208334", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208334", "name" : "https://support.apple.com/HT208334", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In iOS before 11.2, a type confusion issue was addressed with improved memory handling." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding" : "11.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-01-11T18:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13889", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.apple.com/HT208465", "name" : "https://support.apple.com/HT208465", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208465", "name" : "https://support.apple.com/HT208465", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, a logic error existed in the validation of credentials. This was addressed with improved credential validation." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.13.0", "versionEndExcluding" : "10.13.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-01-11T18:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13890", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103579", "name" : "103579", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103579", "name" : "103579", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040608", "name" : "1040608", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040608", "name" : "1040608", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://support.apple.com/HT208144", "name" : "https://support.apple.com/HT208144", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208144", "name" : "https://support.apple.com/HT208144", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208692", "name" : "https://support.apple.com/HT208692", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208692", "name" : "https://support.apple.com/HT208692", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. macOS before 10.13 is affected. The issue involves the \"CoreTypes\" component. It allows remote attackers to trigger disk-image mounting via a crafted web site." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionEndExcluding" : "10.13.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.4, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 4.0 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-03T06:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13891", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.apple.com/HT208334", "name" : "https://support.apple.com/HT208334", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208334", "name" : "https://support.apple.com/HT208334", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In iOS before 11.2, an inconsistent user interface issue was addressed through improved state management." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding" : "11.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-01-11T18:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13892", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.apple.com/en-us/HT208331", "name" : "https://support.apple.com/en-us/HT208331", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/en-us/HT208331", "name" : "https://support.apple.com/en-us/HT208331", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue existed in the handling of Contact sharing. This issue was addressed with improved handling of user information. This issue is fixed in macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan. Sharing contact information may lead to unexpected data sharing." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.12", "versionEndExcluding" : "10.12.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2016-003:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2016-002:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2016-001:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.12.6:security_update_2017-001:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2017-004:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2017-002:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2017-001:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2017-003:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:-:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.11", "versionEndExcluding" : "10.11.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.12.6:-:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionEndExcluding" : "10.13.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2021-12-23T20:15Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13893", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13894", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13895", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13896", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13897", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13898", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13899", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13900", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13901", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13902", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13904", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/172828/Apple-packet-mangler-Remote-Code-Execution.html", "name" : "http://packetstormsecurity.com/files/172828/Apple-packet-mangler-Remote-Code-Execution.html", "refsource" : "", "tags" : [ ] }, { "url" : "http://packetstormsecurity.com/files/172828/Apple-packet-mangler-Remote-Code-Execution.html", "name" : "http://packetstormsecurity.com/files/172828/Apple-packet-mangler-Remote-Code-Execution.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://support.apple.com/HT208325", "name" : "https://support.apple.com/HT208325", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208325", "name" : "https://support.apple.com/HT208325", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208327", "name" : "https://support.apple.com/HT208327", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208327", "name" : "https://support.apple.com/HT208327", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208331", "name" : "https://support.apple.com/HT208331", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208331", "name" : "https://support.apple.com/HT208331", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208334", "name" : "https://support.apple.com/HT208334", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/HT208334", "name" : "https://support.apple.com/HT208334", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding" : "11.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionEndExcluding" : "10.13.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "versionEndExcluding" : "11.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-03T06:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13905", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-362" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.apple.com/en-us/HT208325", "name" : "https://support.apple.com/en-us/HT208325", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/en-us/HT208325", "name" : "https://support.apple.com/en-us/HT208325", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/en-us/HT208327", "name" : "https://support.apple.com/en-us/HT208327", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/en-us/HT208327", "name" : "https://support.apple.com/en-us/HT208327", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/en-us/HT208331", "name" : "https://support.apple.com/en-us/HT208331", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/en-us/HT208331", "name" : "https://support.apple.com/en-us/HT208331", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/en-us/HT208334", "name" : "https://support.apple.com/en-us/HT208334", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/en-us/HT208334", "name" : "https://support.apple.com/en-us/HT208334", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A race condition was addressed with additional validation. This issue is fixed in tvOS 11.2, iOS 11.2, macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan, watchOS 4.2. An application may be able to gain elevated privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.12.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding" : "11.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "versionEndExcluding" : "11.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.12", "versionEndExcluding" : "10.12.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2016-003:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2016-002:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2016-001:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.12.6:security_update_2017-001:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2017-004:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2017-002:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2017-001:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2017-003:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:-:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.11", "versionEndExcluding" : "10.11.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionEndExcluding" : "10.13.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2021-12-23T20:15Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13906", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.apple.com/en-us/HT208144", "name" : "https://support.apple.com/en-us/HT208144", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/en-us/HT208144", "name" : "https://support.apple.com/en-us/HT208144", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/en-us/HT208221", "name" : "https://support.apple.com/en-us/HT208221", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/en-us/HT208221", "name" : "https://support.apple.com/en-us/HT208221", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, macOS High Sierra 10.13. A malicious application may be able to elevate privileges." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2016-003:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2016-002:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2016-001:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.12", "versionEndIncluding" : "10.12.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2017-002:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2017-001:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2017-003:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:-:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.11", "versionEndExcluding" : "10.11.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2021-12-23T20:15Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13907", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.apple.com/en-us/HT208221", "name" : "https://support.apple.com/en-us/HT208221", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/en-us/HT208221", "name" : "https://support.apple.com/en-us/HT208221", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A state management issue was addressed with improved state validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan. The screen lock may unexpectedly remain unlocked." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2016-003:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2016-002:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2016-001:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.12", "versionEndIncluding" : "10.12.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2017-002:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2017-001:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2017-003:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:-:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.11", "versionEndExcluding" : "10.11.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "PHYSICAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 6.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2021-12-23T20:15Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13908", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.apple.com/en-us/HT208144", "name" : "https://support.apple.com/en-us/HT208144", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/en-us/HT208144", "name" : "https://support.apple.com/en-us/HT208144", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/en-us/HT208221", "name" : "https://support.apple.com/en-us/HT208221", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/en-us/HT208221", "name" : "https://support.apple.com/en-us/HT208221", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue in handling file permissions was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, macOS High Sierra 10.13. A local attacker may be able to execute non-executable text files via an SMB share." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2016-003:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2016-002:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2016-001:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.12", "versionEndIncluding" : "10.12.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2017-002:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2017-001:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:security_update_2017-003:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:10.11.6:-:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.11", "versionEndExcluding" : "10.11.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2021-12-23T20:15Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13909", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-922" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.apple.com/en-us/HT208144", "name" : "https://support.apple.com/en-us/HT208144", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/en-us/HT208144", "name" : "https://support.apple.com/en-us/HT208144", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue existed in the storage of sensitive tokens. This issue was addressed by placing the tokens in Keychain. This issue is fixed in macOS High Sierra 10.13. A local attacker may gain access to iCloud authentication tokens." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.0", "versionEndExcluding" : "10.13", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2021-12-23T20:15Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13910", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.apple.com/en-us/HT208144", "name" : "https://support.apple.com/en-us/HT208144", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/en-us/HT208144", "name" : "https://support.apple.com/en-us/HT208144", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An access issue was addressed with additional sandbox restrictions on applications. This issue is fixed in macOS High Sierra 10.13. An application may be able to access restricted files." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionEndExcluding" : "10.13", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2021-12-23T20:15Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13911", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://support.apple.com/kb/HT208331", "name" : "https://support.apple.com/kb/HT208331", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/kb/HT208331", "name" : "https://support.apple.com/kb/HT208331", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/kb/HT208692", "name" : "https://support.apple.com/kb/HT208692", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://support.apple.com/kb/HT208692", "name" : "https://support.apple.com/kb/HT208692", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS X El Capitan 10.11.6 Security Update 2018-002, macOS Sierra 10.12.6 Security Update 2018-002, macOS High Sierra 10.13.2." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionEndExcluding" : "10.11.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.13", "versionEndExcluding" : "10.13.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.12", "versionEndExcluding" : "10.12.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-04-03T18:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13912", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13913", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13914", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13915", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13916", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13917", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13918", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13919", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13920", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13921", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13922", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13923", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13924", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13925", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13926", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13927", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13928", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13929", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13930", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13931", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13932", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13933", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13934", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13935", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13936", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13937", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13938", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13939", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13940", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13941", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13942", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13943", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13944", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13945", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13946", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13947", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13948", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13949", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1395", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22016869", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22016869", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22016869", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22016869", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127341", "name" : "ibm-sig-cve20171395-info-disc(127341)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127341", "name" : "ibm-sig-cve20171395-info-disc(127341)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Security Identity Governance and Intelligence Virtual Appliance 5.2 through 5.2.3.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 127341." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.2", "versionEndIncluding" : "5.2.3.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-13T16:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13950", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13951", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13952", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13953", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13954", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13955", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13956", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13957", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13958", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13959", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1396", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-275" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22016869", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22016869", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22016869", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22016869", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127342", "name" : "ibm-sig-cve20171396-priv-escalation(127342)", "refsource" : "", "tags" : [ "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127342", "name" : "ibm-sig-cve20171396-priv-escalation(127342)", "refsource" : "", "tags" : [ "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 127342." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-06T14:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13960", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13961", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13962", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13963", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13964", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13965", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13966", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13967", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13968", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13969", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13970", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13971", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13972", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13973", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13974", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13975", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13976", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13977", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13978", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13979", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13980", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-13981", "ASSIGNER" : "product-security@apple.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: This candidate is unused by its CNA." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2023-09-14T19:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14002", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-798" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103405", "name" : "103405", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103405", "name" : "103405", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "GE Infinia/Infinia with Hawkeye 4 medical imaging systems all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ge:infinia_hawkeye_4_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ge:infinia_hawkeye_4:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-20T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14004", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-798" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "GE GEMNet License server (EchoServer) all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ge:gemnet_license_server:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-20T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14006", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-798" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "GE Xeleris versions 1.0,1.1,2.1,3.0,3.1, medical imaging systems, all current versions are affected, these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ge:xeleris:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ge:xeleris:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ge:xeleris:2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ge:xeleris:3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ge:xeleris:3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-20T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14008", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-798" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103400", "name" : "103400", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103400", "name" : "103400", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "GE Centricity PACS RA1000, diagnostic image analysis, all current versions are affected these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ge:centricity_pacs_ra1000:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-20T16:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14010", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-427" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://spidercontrol.net/download/downloadarea/?lang=en", "name" : "http://spidercontrol.net/download/downloadarea/?lang=en", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "http://spidercontrol.net/download/downloadarea/?lang=en", "name" : "http://spidercontrol.net/download/downloadarea/?lang=en", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "http://www.securityfocus.com/bid/101505", "name" : "101505", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101505", "name" : "101505", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-292-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-292-01", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-292-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-292-01", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:spidercontrol:scada_microbrowser:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.6.30.144", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_8:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_vista:*:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:microsoft:windows_xp:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-26T19:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14012", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-311" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101510", "name" : "101510", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101510", "name" : "101510", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-292-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-292-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-292-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-292-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Boston Scientific ZOOM LATITUDE PRM Model 3120 does not encrypt PHI at rest. CVSS v3 base score: 4.6; CVSS vector string: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:bostonscientific:zoom_latitude_prm_3120_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:bostonscientific:zoom_latitude_prm_3120:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "PHYSICAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.6, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-01T18:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14014", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-798" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101510", "name" : "101510", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101510", "name" : "101510", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-292-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-292-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-292-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-292-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Boston Scientific ZOOM LATITUDE PRM Model 3120 uses a hard-coded cryptographic key to encrypt PHI prior to having it transferred to removable media. CVSS v3 base score: 4.6; CVSS vector string: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:bostonscientific:zoom_latitude_prm_3120_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:bostonscientific:zoom_latitude_prm_3120:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "PHYSICAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.6, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-01T18:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14026", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/105303", "name" : "105303", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/105303", "name" : "105303", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-249-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Ice Qube Thermal Management Center versions prior to version 4.13, the web application does not properly authenticate users which may allow an attacker to gain access to sensitive information." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:iceqube:thermal_management_center_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.13", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:iceqube:thermal_management_center:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-09-06T19:29Z", "lastModifiedDate" : "2024-11-21T03:11Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14030", "ASSIGNER" : "ics-cert@hq.dhs.gov" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-428" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102494", "name" : "102494", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102494", "name" : "102494", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-011-02", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-011-02", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-011-02", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-011-02", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue was discovered in Moxa MXview v2.8 and prior. The unquoted service path escalation vulnerability could allow an authorized user with file access to escalate privileges by inserting arbitrary code into the unquoted service path." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:moxa:mxview:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-12T20:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1405", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-345" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22013617", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22013617", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22013617", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22013617", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127392", "name" : "ibm-sim-cve20171405-code-exec(127392)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127392", "name" : "ibm-sim-cve20171405-code-exec(127392)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Security Identity Manager Virtual Appliance 7.0 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 127392." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_manager:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_manager:7.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 4.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-06-08T13:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14082", "ASSIGNER" : "security@trendmicro.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102216", "name" : "102216", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102216", "name" : "102216", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-972/", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-972/", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.zerodayinitiative.com/advisories/ZDI-17-972/", "name" : "http://www.zerodayinitiative.com/advisories/ZDI-17-972/", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://success.trendmicro.com/solution/1118993", "name" : "https://success.trendmicro.com/solution/1118993", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://success.trendmicro.com/solution/1118993", "name" : "https://success.trendmicro.com/solution/1118993", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An uninitialized pointer information disclosure vulnerability in Trend Micro Mobile Security (Enterprise) versions 9.7 and below could allow an unauthenticated remote attacker to disclosure sensitive information on a vulnerable system." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:trendmicro:mobile_security:*:*:*:*:enterprise:*:*:*", "versionEndIncluding" : "9.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-19T19:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1409", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22016869", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22016869", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22016869", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22016869", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127396", "name" : "ibm-sig-cve20171409-info-disc(127396)", "refsource" : "", "tags" : [ "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127396", "name" : "ibm-sig-cve20171409-info-disc(127396)", "refsource" : "", "tags" : [ "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 127396." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-06T14:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14094", "ASSIGNER" : "security@trendmicro.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102275", "name" : "102275", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102275", "name" : "102275", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://success.trendmicro.com/solution/1118992", "name" : "https://success.trendmicro.com/solution/1118992", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://success.trendmicro.com/solution/1118992", "name" : "https://success.trendmicro.com/solution/1118992", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities", "name" : "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities", "name" : "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/43388/", "name" : "43388", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/43388/", "name" : "43388", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a cron job injection on a vulnerable system." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:trendmicro:smart_protection_server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-19T19:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14095", "ASSIGNER" : "security@trendmicro.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-829" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102275", "name" : "102275", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102275", "name" : "102275", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://success.trendmicro.com/solution/1118992", "name" : "https://success.trendmicro.com/solution/1118992", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://success.trendmicro.com/solution/1118992", "name" : "https://success.trendmicro.com/solution/1118992", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities", "name" : "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities", "name" : "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/43388/", "name" : "43388", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/43388/", "name" : "43388", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to perform remote command execution via a local file inclusion on a vulnerable system." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:trendmicro:smart_protection_server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-19T19:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14096", "ASSIGNER" : "security@trendmicro.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102275", "name" : "102275", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102275", "name" : "102275", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://success.trendmicro.com/solution/1118992", "name" : "https://success.trendmicro.com/solution/1118992", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://success.trendmicro.com/solution/1118992", "name" : "https://success.trendmicro.com/solution/1118992", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities", "name" : "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities", "name" : "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/43388/", "name" : "43388", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/43388/", "name" : "43388", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to execute a malicious payload on vulnerable systems." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:trendmicro:smart_protection_server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-19T19:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14097", "ASSIGNER" : "security@trendmicro.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102275", "name" : "102275", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102275", "name" : "102275", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://success.trendmicro.com/solution/1118992", "name" : "https://success.trendmicro.com/solution/1118992", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://success.trendmicro.com/solution/1118992", "name" : "https://success.trendmicro.com/solution/1118992", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities", "name" : "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities", "name" : "https://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/43388/", "name" : "43388", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/43388/", "name" : "43388", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An improper access control vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to decrypt contents of a database with information that could be used to access a vulnerable system." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:trendmicro:smart_protection_server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "3.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-19T19:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1411", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-522" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22016869", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22016869", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22016869", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22016869", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127399", "name" : "ibm-sig-cve20171411-info-disc(127399)", "refsource" : "", "tags" : [ "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127399", "name" : "ibm-sig-cve20171411-info-disc(127399)", "refsource" : "", "tags" : [ "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 127399." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-06T14:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14113", "ASSIGNER" : "security@qnap.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-13067. Reason: This candidate is a reservation duplicate of CVE-2017-13067. Notes: All CVE users should reference CVE-2017-13067 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-09-14T15:29Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1412", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22016869", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22016869", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22016869", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22016869", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127400", "name" : "ibm-sig-cve20171412-info-disc(127400)", "refsource" : "", "tags" : [ "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127400", "name" : "ibm-sig-cve20171412-info-disc(127400)", "refsource" : "", "tags" : [ "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 127400." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_identity_governance_and_intelligence:5.2.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-06T14:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14177", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171", "name" : "https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171", "name" : "https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://launchpad.net/bugs/1726372", "name" : "https://launchpad.net/bugs/1726372", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://launchpad.net/bugs/1726372", "name" : "https://launchpad.net/bugs/1726372", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14177", "name" : "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14177", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14177", "name" : "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14177", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/usn/usn-3480-1", "name" : "USN-3480-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/usn/usn-3480-1", "name" : "USN-3480-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Apport through 2.20.7 does not properly handle core dumps from setuid binaries allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1324." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apport_project:apport:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.20.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-02T14:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14178", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-755" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/snapcore/snapd/pull/4194", "name" : "https://github.com/snapcore/snapd/pull/4194", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/snapcore/snapd/pull/4194", "name" : "https://github.com/snapcore/snapd/pull/4194", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://launchpad.net/bugs/1730255", "name" : "https://launchpad.net/bugs/1730255", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] }, { "url" : "https://launchpad.net/bugs/1730255", "name" : "https://launchpad.net/bugs/1730255", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] }, { "url" : "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14178.html", "name" : "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14178.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14178.html", "name" : "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14178.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to call journalctl without match arguments and therefore allow unprivileged, unauthenticated users to bypass systemd-journald's access restrictions." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:snapcraft:snapd:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.27", "versionEndIncluding" : "2.29.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-02T14:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14179", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://launchpad.net/bugs/1726372", "name" : "https://launchpad.net/bugs/1726372", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://launchpad.net/bugs/1726372", "name" : "https://launchpad.net/bugs/1726372", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14179", "name" : "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14179", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14179", "name" : "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14179", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Apport before 2.13 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apport_project:apport:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.13", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-02T14:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1418", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-275" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10735181", "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10735181", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=ibm10735181", "name" : "http://www.ibm.com/support/docview.wss?uid=ibm10735181", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127406", "name" : "ibm-ibus-cve20171418-file-access(127406)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/127406", "name" : "ibm-ibus-cve20171418-file-access(127406)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Integration Bus 9.0.0.0, 9.0.0.11, 10.0.0.0, and 10.0.0.14 (including IBM WebSphere Message Broker 8.0.0.0 and 8.0.0.9) has insecure permissions on certain files. A local attacker could exploit this vulnerability to modify or delete these files with an unknown impact. IBM X-Force ID: 127406." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:integration_bus:*:*:*:*:*:*:*:*", "versionStartIncluding" : "10.0.0.0", "versionEndIncluding" : "10.0.0.14", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:integration_bus:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.0.0.0", "versionEndIncluding" : "9.0.0.11", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:websphere_message_broker:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.0.0.0", "versionEndIncluding" : "8.0.0.9", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 3.6 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-11-26T16:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14180", "ASSIGNER" : "security@ubuntu.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171", "name" : "https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171", "name" : "https://bazaar.launchpad.net/~apport-hackers/apport/trunk/revision/3171", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://launchpad.net/bugs/1726372", "name" : "https://launchpad.net/bugs/1726372", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://launchpad.net/bugs/1726372", "name" : "https://launchpad.net/bugs/1726372", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14180", "name" : "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14180", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14180", "name" : "https://people.canonical.com/~ubuntu-security/cve/?cve=CVE-2017-14180", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/usn/usn-3480-1", "name" : "USN-3480-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/usn/usn-3480-1", "name" : "USN-3480-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Apport 2.13 through 2.20.7 does not properly handle crashes originating from a PID namespace allowing local users to create certain files as root which an attacker could leverage to perform a denial of service via resource exhaustion or possibly gain root privileges, a different vulnerability than CVE-2017-14179." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:apport_project:apport:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.13", "versionEndIncluding" : "2.20.7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-02T14:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14185", "ASSIGNER" : "psirt@fortinet.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/104288", "name" : "104288", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/104288", "name" : "104288", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://fortiguard.com/advisory/FG-IR-17-231", "name" : "https://fortiguard.com/advisory/FG-IR-17-231", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://fortiguard.com/advisory/FG-IR-17-231", "name" : "https://fortiguard.com/advisory/FG-IR-17-231", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8 and 5.2 all versions allows SSL VPN web portal users to access internal FortiOS configuration information (eg:addresses) via specifically crafted URLs inside the SSL-VPN web portal." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.6.0", "versionEndIncluding" : "5.6.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.2.0", "versionEndIncluding" : "5.2.13", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.4.0", "versionEndIncluding" : "5.4.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-25T16:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14187", "ASSIGNER" : "psirt@fortinet.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-269" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/104312", "name" : "104312", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/104312", "name" : "104312", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040983", "name" : "1040983", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040983", "name" : "1040983", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://fortiguard.com/advisory/FG-IR-17-245", "name" : "https://fortiguard.com/advisory/FG-IR-17-245", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "https://fortiguard.com/advisory/FG-IR-17-245", "name" : "https://fortiguard.com/advisory/FG-IR-17-245", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A local privilege escalation and local code execution vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.8, and 5.2 and below versions allows attacker to execute unauthorized binary program contained on an USB drive plugged into a FortiGate via linking the aforementioned binary program to a command that is allowed to be run by the fnsysctl CLI command." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.6.0", "versionEndIncluding" : "5.6.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "versionEndIncluding" : "5.2.0", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.4.0", "versionEndIncluding" : "5.4.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "PHYSICAL", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 6.2, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.3, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-24T20:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14190", "ASSIGNER" : "psirt@fortinet.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102779", "name" : "102779", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102779", "name" : "102779", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040284", "name" : "1040284", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040284", "name" : "1040284", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://fortiguard.com/advisory/FG-IR-17-262", "name" : "https://fortiguard.com/advisory/FG-IR-17-262", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "https://fortiguard.com/advisory/FG-IR-17-262", "name" : "https://fortiguard.com/advisory/FG-IR-17-262", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to 5.6.2, 5.4.0 to 5.4.7, 5.2 and earlier, allows attacker to inject arbitrary web script or HTML via maliciously crafted \"Host\" header in user HTTP requests." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.6.0", "versionEndIncluding" : "5.6.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.4.0", "versionEndIncluding" : "5.4.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", "versionEndIncluding" : "5.2.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-29T16:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14191", "ASSIGNER" : "psirt@fortinet.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103430", "name" : "103430", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103430", "name" : "103430", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://fortiguard.com/advisory/FG-IR-17-279", "name" : "https://fortiguard.com/advisory/FG-IR-17-279", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://fortiguard.com/advisory/FG-IR-17-279", "name" : "https://fortiguard.com/advisory/FG-IR-17-279", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 up to but not including 6.1.0 under \"Signed Security Mode\", allows attacker to bypass the signed user cookie protection by removing the FortiWeb own protection session cookie." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fortinet:fortiweb:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.6.0", "versionEndExcluding" : "6.1.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-20T13:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14199", "ASSIGNER" : "vulnerabilities@zephyrproject.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/zephyrproject-rtos/zephyr/pull/6158", "name" : "https://github.com/zephyrproject-rtos/zephyr/pull/6158", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/zephyrproject-rtos/zephyr/pull/6158", "name" : "https://github.com/zephyrproject-rtos/zephyr/pull/6158", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-12", "name" : "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-12", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Vendor Advisory" ] }, { "url" : "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-12", "name" : "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-12", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A buffer overflow has been found in the Zephyr Project's getaddrinfo() implementation in 1.9.0 and 1.10.0." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zephyrproject:zephyr:1.9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zephyrproject:zephyr:1.10.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-04-12T17:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14200", "ASSIGNER" : "vulnerabilities@zephyrproject.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: Unused CVE for 2017" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-05-11T23:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14201", "ASSIGNER" : "vulnerabilities@zephyrproject.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html", "name" : "https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html", "name" : "https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://github.com/zephyrproject-rtos/zephyr/pull/13260", "name" : "https://github.com/zephyrproject-rtos/zephyr/pull/13260", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/zephyrproject-rtos/zephyr/pull/13260", "name" : "https://github.com/zephyrproject-rtos/zephyr/pull/13260", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-17", "name" : "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-17", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-17", "name" : "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-17", "refsource" : "", "tags" : [ "Broken Link" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Use After Free vulnerability in the Zephyr shell allows a serial or telnet connected user to cause denial of service, and possibly remote code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.14.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-29T01:15Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14202", "ASSIGNER" : "vulnerabilities@zephyrproject.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html", "name" : "https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html", "name" : "https://docs.zephyrproject.org/1.14.0/releases/release-notes-1.14.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://github.com/zephyrproject-rtos/zephyr/pull/13048", "name" : "https://github.com/zephyrproject-rtos/zephyr/pull/13048", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/zephyrproject-rtos/zephyr/pull/13048", "name" : "https://github.com/zephyrproject-rtos/zephyr/pull/13048", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-18", "name" : "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-18", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-18", "name" : "https://zephyrprojectsec.atlassian.net/browse/ZEPSEC-18", "refsource" : "", "tags" : [ "Broken Link" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the shell component of Zephyr allows a serial or telnet connected user to cause a crash, possibly with arbitrary code execution. This issue affects: Zephyr shell versions prior to 1.14.0 on all." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.14.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-08-29T01:15Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14203", "ASSIGNER" : "vulnerabilities@zephyrproject.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: Unused CVE for 2017" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-03-07T00:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14204", "ASSIGNER" : "vulnerabilities@zephyrproject.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: Unused CVE for 2017" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-03-07T00:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14205", "ASSIGNER" : "vulnerabilities@zephyrproject.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: Unused CVE for 2017" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-03-07T00:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14206", "ASSIGNER" : "vulnerabilities@zephyrproject.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: Unused CVE for 2017" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-03-07T00:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14207", "ASSIGNER" : "vulnerabilities@zephyrproject.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: Unused CVE for 2017" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-03-07T00:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14208", "ASSIGNER" : "vulnerabilities@zephyrproject.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: Unused CVE for 2017" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-03-07T00:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14232", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-399" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://cxsecurity.com/cveshow/CVE-2017-14232", "name" : "https://cxsecurity.com/cveshow/CVE-2017-14232", "refsource" : "", "tags" : [ ] }, { "url" : "https://cxsecurity.com/cveshow/CVE-2017-14232", "name" : "https://cxsecurity.com/cveshow/CVE-2017-14232", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.oracle.com/security-alerts/cpuapr2020.html", "name" : "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.oracle.com/security-alerts/cpuapr2020.html", "name" : "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The read_chunk function in flif-dec.cpp in Free Lossless Image Format (FLIF) 0.3 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted flif file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:flif:flif:0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:jasper_project:jasper:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.0.16", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-08-15T17:15Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14250", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-10-31T18:29Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14323", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-918" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/fulldisclosure/2018/Apr/16", "name" : "20180406 SSRF(Server Side Request Forgery) in Onethink All version (CVE-2017-14323)", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2018/Apr/16", "name" : "20180406 SSRF(Server Side Request Forgery) in Onethink All version (CVE-2017-14323)", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in Onethink V1.0 and V1.1 allows remote attackers to obtain sensitive information, attack intranet hosts, or possibly trigger remote command execution via the upfile parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:onethink:onethink:1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:onethink:onethink:1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-10T15:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14381", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14382", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14383", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/fulldisclosure/2017/Dec/87", "name" : "http://seclists.org/fulldisclosure/2017/Dec/87", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2017/Dec/87", "name" : "http://seclists.org/fulldisclosure/2017/Dec/87", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Dell EMC VNX2 versions prior to Operating Environment for File 8.1.9.217 and VNX1 versions prior to Operating Environment for File 7.1.80.8, a web server error page in VNX Control Station is impacted by a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to execute arbitrary HTML code in the user's browser session in the context of the affected web application." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_vnx2_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "8.1.9.217", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_vnx2:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dell:emc_vnx1_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7.1.80.8", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dell:emc_vnx1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-04T06:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14384", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://topics-cdn.dell.com/pdf/storage-sc2000_release%20notes24_en-us.pdf", "name" : "http://topics-cdn.dell.com/pdf/storage-sc2000_release%20notes24_en-us.pdf", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://topics-cdn.dell.com/pdf/storage-sc2000_release%20notes24_en-us.pdf", "name" : "http://topics-cdn.dell.com/pdf/storage-sc2000_release%20notes24_en-us.pdf", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/103467", "name" : "103467", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103467", "name" : "103467", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Dell Storage Manager versions earlier than 16.3.20, the EMConfigMigration service is affected by a directory traversal vulnerability. A remote malicious user could potentially exploit this vulnerability to read unauthorized files by supplying specially crafted strings in input parameters of the application. A malicious user cannot delete or modify any files via this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dell:storage_manager:*:*:*:*:*:*:*:*", "versionEndExcluding" : "16.3.20", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-16T20:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14391", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-01-03T15:29Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14392", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-01-03T15:29Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14393", "ASSIGNER" : "secure@dell.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-01-03T15:29Z", "lastModifiedDate" : "2023-11-07T02:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14394", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-601" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://backstage.forgerock.com/knowledge/kb/article/a45958025", "name" : "https://backstage.forgerock.com/knowledge/kb/article/a45958025", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://backstage.forgerock.com/knowledge/kb/article/a45958025", "name" : "https://backstage.forgerock.com/knowledge/kb/article/a45958025", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "OAuth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows attackers to perform phishing via an unvalidated redirect." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:forgerock:access_management:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.0.0", "versionEndIncluding" : "5.1.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:forgerock:openam:*:*:*:*:*:*:*:*", "versionStartIncluding" : "13.5.0", "versionEndIncluding" : "13.5.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-06-19T22:15Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14395", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://backstage.forgerock.com/knowledge/kb/article/a45958025", "name" : "https://backstage.forgerock.com/knowledge/kb/article/a45958025", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://backstage.forgerock.com/knowledge/kb/article/a45958025", "name" : "https://backstage.forgerock.com/knowledge/kb/article/a45958025", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Auth 2.0 Authorization Server of ForgeRock Access Management (OpenAM) 13.5.0-13.5.1 and Access Management (AM) 5.0.0-5.1.1 does not correctly validate redirect_uri for some invalid requests, which allows attackers to execute a script in the user's browser via reflected XSS." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:forgerock:access_management:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.0.0", "versionEndIncluding" : "5.1.1", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:forgerock:openam:*:*:*:*:*:*:*:*", "versionStartIncluding" : "13.5.0", "versionEndIncluding" : "13.5.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-06-19T22:15Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14432", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0482", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0482", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0482", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0482", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the openvpnServer0_tmp= parameter in the \"/goform/net\\_Web\\_get_value\" uri to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-14T20:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14433", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0482", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0482", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0482", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0482", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the remoteNetwork0= parameter in the \"/goform/net\\_Web\\_get_value\" uri to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-14T20:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14434", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0482", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0482", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0482", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0482", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable command injection vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP POST can cause a privilege escalation resulting in root shell. An attacker can inject OS commands into the remoteNetmask0= parameter in the \"/goform/net\\_Web\\_get_value\" uri to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-14T20:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14435", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0474", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0474", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0474", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0474", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to \"/MOXA\\_CFG.ini\" without a cookie header to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-14T20:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14436", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0474", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0474", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0474", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0474", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to \"/MOXA\\_CFG2.ini\" without a cookie header to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-14T20:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14437", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0474", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0474", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0474", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0474", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable denial of service vulnerability exists in the web server functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted HTTP URI can cause a null pointer dereference resulting in denial of service. An attacker can send a GET request to \"/MOXA\\_LOG.ini\" without a cookie header to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-14T20:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14438", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0487", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0487", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0487", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0487", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4000/tcp to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-14T20:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14439", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0487", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0487", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0487", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0487", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Exploitable denial of service vulnerabilities exists in the Service Agent functionality of Moxa EDR-810 V4.1 build 17030317. A specially crafted packet can cause a denial of service. An attacker can send a large packet to 4001/tcp to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:moxa:edr-810_firmware:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:moxa:edr-810:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-14T20:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14440", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html", "name" : "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html", "name" : "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201903-17", "name" : "GLSA-201903-17", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201903-17", "name" : "GLSA-201903-17", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4177", "name" : "DSA-4177", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4177", "name" : "DSA-4177", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4184", "name" : "DSA-4184", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4184", "name" : "DSA-4184", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0489", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0489", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0489", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0489", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable code execution vulnerability exists in the ILBM image rendering functionality of SDL2_image-2.0.2. A specially crafted ILBM image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:libsdl:sdl_image:2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-24T19:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14441", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html", "name" : "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html", "name" : "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201903-17", "name" : "GLSA-201903-17", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201903-17", "name" : "GLSA-201903-17", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4177", "name" : "DSA-4177", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4177", "name" : "DSA-4177", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4184", "name" : "DSA-4184", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4184", "name" : "DSA-4184", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0490", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0490", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0490", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0490", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable code execution vulnerability exists in the ICO image rendering functionality of SDL2_image-2.0.2. A specially crafted ICO image can cause an integer overflow, cascading to a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:libsdl:sdl_image:2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-24T19:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14442", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html", "name" : "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html", "name" : "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201903-17", "name" : "GLSA-201903-17", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201903-17", "name" : "GLSA-201903-17", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4177", "name" : "DSA-4177", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4177", "name" : "DSA-4177", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4184", "name" : "DSA-4184", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4184", "name" : "DSA-4184", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0491", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0491", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0491", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0491", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable code execution vulnerability exists in the BMP image rendering functionality of SDL2_image-2.0.2. A specially crafted BMP image can cause a stack overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:libsdl:sdl_image:2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-24T19:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14443", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0492", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0492", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0492", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0492", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable information leak vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly checks the number of GET parameters supplied, leading to an arbitrarily controlled information leak on the whole device memory. An attacker can send an authenticated HTTP request to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:insteon:hub_2245-222_firmware:1012:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:insteon:hub_2245-222:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-09-17T17:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14444", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0493", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0493", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0493", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0493", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the URL parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET request to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:insteon:hub_firmware:1012:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:insteon:hub:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.9, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.1, "impactScore" : 6.0 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "COMPLETE", "baseScore" : 8.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 8.5, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-02T19:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14445", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-120" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0494", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0494", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0494", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0494", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the host parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET request to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:insteon:hub_firmware:1012:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:insteon:hub:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.9, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.1, "impactScore" : 6.0 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "COMPLETE", "baseScore" : 8.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 8.5, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-02T19:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14446", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0495", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0495", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0495", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0495", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable stack-based buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation unsafely extracts parameters from the query string, leading to a buffer overflow on the stack. An attacker can send an HTTP GET request to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:insteon:hub_firmware:1012:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:insteon:hub:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.9, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.1, "impactScore" : 6.0 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "COMPLETE", "baseScore" : 8.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 8.5, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-02T19:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14447", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0496", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0496", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0496", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0496", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable buffer overflow vulnerability exists in the PubNub message handler for the 'ad' channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow overwriting arbitrary data. An attacker should send an authenticated HTTP request to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:insteon:hub_firmware:1012:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:insteon:hub:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.7, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.1, "impactScore" : 4.0 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 5.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-06T17:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14448", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html", "name" : "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html", "name" : "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201903-17", "name" : "GLSA-201903-17", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201903-17", "name" : "GLSA-201903-17", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4177", "name" : "DSA-4177", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4177", "name" : "DSA-4177", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4184", "name" : "DSA-4184", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4184", "name" : "DSA-4184", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0497", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0497", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0497", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0497", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a heap overflow resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:libsdl:sdl_image:2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-24T19:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14449", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-415" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://security.gentoo.org/glsa/201903-17", "name" : "GLSA-201903-17", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201903-17", "name" : "GLSA-201903-17", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4177", "name" : "DSA-4177", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4177", "name" : "DSA-4177", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0498", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0498", "refsource" : "", "tags" : [ "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0498", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0498", "refsource" : "", "tags" : [ "Technical Description", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A double-Free vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.2. A specially crafted XCF image can cause a Double-Free situation to occur. An attacker can display a specially crafted image to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:libsdl:sdl_image:2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-24T19:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14450", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html", "name" : "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00005.html", "name" : "[debian-lts-announce] 20180406 [SECURITY] [DLA 1341-1] sdl-image1.2 security update", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201903-17", "name" : "GLSA-201903-17", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201903-17", "name" : "GLSA-201903-17", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4177", "name" : "DSA-4177", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4177", "name" : "DSA-4177", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4184", "name" : "DSA-4184", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4184", "name" : "DSA-4184", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0499", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0499", "refsource" : "", "tags" : [ "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0499", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0499", "refsource" : "", "tags" : [ "Technical Description", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A buffer overflow vulnerability exists in the GIF image parsing functionality of SDL2_image-2.0.2. A specially crafted GIF image can lead to a buffer overflow on a global section. An attacker can display an image to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:libsdl:sdl_image:2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "HIGH", "baseScore" : 7.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 4.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-24T19:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14451", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0500", "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0500", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0500", "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0500", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable out-of-bounds read vulnerability exists in libevm (Ethereum Virtual Machine) of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read which can subsequently trigger an out-of-bounds write resulting in remote code execution. An attacker can create/send malicious smart contract to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereum:ethereum:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 10.0, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 6.0 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-12-02T18:15Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14452", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0502", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0502", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0502", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0502", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable buffer overflow vulnerability exists in the PubNub message handler for the \"control\" channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. A strcpy overflows the buffer insteon_pubnub.channel_cc_r, which has a size of 16 bytes. An attacker can send an arbitrarily long \"c_r\" parameter in order to exploit this vulnerability. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:insteon:hub_firmware:1012:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:insteon:hub:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-23T18:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14453", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0502", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0502", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0502", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0502", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. A strcpy overflows the buffer insteon_pubnub.channel_ad_r, which has a size of 16 bytes. An attacker can send an arbitrarily long \"ad_r\" parameter in order to exploit this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:insteon:hub_2245-222_firmware:1012:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:insteon:hub_2245-222:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-23T15:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14454", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-120" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0502", "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0502", "refsource" : "", "tags" : [ "Technical Description", "Third Party Advisory" ] }, { "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0502", "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0502", "refsource" : "", "tags" : [ "Technical Description", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple exploitable buffer overflow vulnerabilities exists in the PubNub message handler for the \"control\" channel of Insteon Hub running firmware version 1012. Specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. The `strcpy` at [18] overflows the buffer `insteon_pubnub.channel_al`, which has a size of 16 bytes." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:insteon:hub_firmware:1012:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:insteon:hub:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 6.0 } }, "publishedDate" : "2023-01-12T00:15Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14455", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144975", "name" : "CVE-2017-14455", "refsource" : "Insteon Hub UpdateCheck command buffer overflow", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0502", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0502", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0502", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0502", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "On Insteon Hub 2245-222 devices with firmware version 1012, specially crafted replies received from the PubNub service can cause buffer overflows on a global section overwriting arbitrary data. An attacker should impersonate PubNub and answer an HTTPS GET request to trigger this vulnerability. A strcpy overflows the buffer insteon_pubnub.channel_ak, which has a size of 16 bytes. An attacker can send an arbitrarily long \"ak\" parameter in order to exploit this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:insteon:hub_2245-222_firmware:1012:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:insteon:hub_2245-222:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-23T15:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14456", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-10-30T16:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14457", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102475", "name" : "102475", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102475", "name" : "102475", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0503", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0503", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0503", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0503", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable information leak/denial of service vulnerability exists in the libevm (Ethereum Virtual Machine) `create2` opcode handler of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read leading to memory disclosure or denial of service. An attacker can create/send malicious a smart contract to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ethereum:ethereum_virtual_machine:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 8.2, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 4.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-19T23:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14458", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103942", "name" : "103942", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103942", "name" : "103942", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040733", "name" : "1040733", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040733", "name" : "1040733", "refsource" : "", "tags" : [ "Broken Link", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0506", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0506", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0506", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0506", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 8.3.2.25013. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:foxit:pdf_reader:8.3.2.25013:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-23T15:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14459", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0507", "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0507", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0507", "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0507", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable OS Command Injection vulnerability exists in the Telnet, SSH, and console login functionality of Moxa AWK-3131A Industrial IEEE 802.11a/b/g/n wireless AP/bridge/client in firmware versions 1.4 to 1.7 (current). An attacker can inject commands via the username parameter of several services (SSH, Telnet, console), resulting in remote, unauthenticated, root-level operating system command execution." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:moxa:awk-3131a_firmware:1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:moxa:awk-3131a_firmware:1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:moxa:awk-3131a_firmware:1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:moxa:awk-3131a_firmware:1.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:moxa:awk-3131a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-11T16:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14460", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0508", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0508", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0508", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0508", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable overly permissive cross-domain (CORS) whitelist vulnerability exists in JSON-RPC of Parity Ethereum client version 1.7.8. An automatically sent JSON object to JSON-RPC endpoint can trigger this vulnerability. A victim needs to visit a malicious website to trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:parity:ethereum_client:1.7.8:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.6, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:H/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "HIGH", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 5.1 }, "severity" : "MEDIUM", "exploitabilityScore" : 4.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-19T23:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14461", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" }, { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103201", "name" : "103201", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103201", "name" : "103201", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html", "name" : "[debian-lts-announce] 20180331 [SECURITY] [DLA 1333-1] dovecot security update", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html", "name" : "[debian-lts-announce] 20180331 [SECURITY] [DLA 1333-1] dovecot security update", "refsource" : "", "tags" : [ ] }, { "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0510", "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0510", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0510", "name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0510", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3587-1/", "name" : "USN-3587-1", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3587-1/", "name" : "USN-3587-1", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3587-2/", "name" : "USN-3587-2", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3587-2/", "name" : "USN-3587-2", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.debian.org/security/2018/dsa-4130", "name" : "DSA-4130", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4130", "name" : "DSA-4130", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.dovecot.org/list/dovecot-news/2018-February/000370.html", "name" : "[dovecot-news] 20180228 v2.2.34 released", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://www.dovecot.org/list/dovecot-news/2018-February/000370.html", "name" : "[dovecot-news] 20180228 v2.2.34 released", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the server." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dovecot:dovecot:2.2.33.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ubuntu:ubuntu:14.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ubuntu:ubuntu:16.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ubuntu:ubuntu:17.10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 4.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-02T15:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14462", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG (also RUN for some) Description: Allows an attacker to enable SNMP, Modbus, DNP, and any other features in the channel configuration. Also allows attackers to change network parameters, such as IP address, name server, and domain name." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-05T21:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14463", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0012 Fault Type: Non-User Description: A fault state can be triggered by overwriting the ladder logic data file (type 0x22 number 0x02) with null values." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-05T21:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14464", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability.Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0001 Fault Type: Non-User Description: A fault state can be triggered by setting the NVRAM/memory module user program mismatch bit (S2:9) when a memory module is NOT installed." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-05T21:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14465", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE Description: Any input or output can be forced, causing unpredictable activity from the PLC." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-05T21:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14466", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Description: The filetype 0x03 allows users write access, allowing the ability to overwrite the Master Password value stored in the file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-05T21:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14467", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE Description: Live rung edits are able to be made by an unauthenticated user allowing for addition, deletion, or modification of existing ladder logic. Additionally, faults and cpu state modification can be triggered if specific ladder logic is used." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-05T21:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14468", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Description: This ability is leveraged in a larger exploit to flash custom firmware." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-05T21:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14469", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Code: 0028 Fault Type: Non-User Description: Values 0x01 and 0x02 are invalid values for the user fault routine. By writing directly to the file it is possible to set these values. When this is done and the device is moved into a run state, a fault is triggered. NOTE: This is not possible through RSLogix." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-05T21:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14470", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG or RUN Description: The value 0xffffffff is considered NaN for the Float data type. When a float is set to this value and used in the PLC, a fault is triggered. NOTE: This is not possible through RSLogix." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-05T21:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14471", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: REMOTE or PROG Associated Fault Codes: 0023, 002e, and 0037 Fault Type: Recoverable Description: The STI, EII, and HSC function files contain bits signifying whether or not a fault has occurred. Additionally there is a bit signaling the module to auto start. When these bits are set for any of the three modules and the device is moved into a run state, a fault is triggered." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-05T21:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14472", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: Any Description: Requests a specific set of bytes from an undocumented data file and returns the ASCII version of the master password." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-05T21:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14473", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0443", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An exploitable access control vulnerability exists in the data, program, and function file permissions functionality of Allen Bradley Micrologix 1400 Series B FRN 21.2 and before. A specially crafted packet can cause a read or write operation resulting in disclosure of sensitive information, modification of settings, or modification of ladder logic. An attacker can send unauthenticated packets to trigger this vulnerability. Required Keyswitch State: Any Description: Reads the encoded ladder logic from its data file and print it out in HEX." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:rockwellautomation:micrologix_1400_b_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "21.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:rockwellautomation:micrologix_1400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-05T21:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14474", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the MMM::Agent::Helpers::_execute function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1, a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\\_agentd process. An attacker that can initiate a TCP session with mmm\\_agentd can trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mysql-mmm:mysql_multi-master_replication_manager:2.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-09T20:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14475", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Linux), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\\_agentd process. An attacker that can initiate a TCP session with mmm\\_agentd can trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mysql-mmm:mysql_multi-master_replication_manager:2.2.1:*:*:*:*:linux:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-09T20:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14476", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\\_agentd process. An attacker that can initiate a TCP session with mmm\\_agentd can trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mysql-mmm:mysql_multi-master_replication_manager:2.2.1:*:*:*:*:solaris:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-09T20:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14477", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the MMM::Agent::Helpers::Network::add_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for FreeBSD), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\\_agentd process. An attacker that can initiate a TCP session with mmm\\_agentd can trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mysql-mmm:mysql_multi-master_replication_manager:2.2.1:*:*:*:*:freebsd:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-09T20:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14478", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Linux), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\\_agentd process. An attacker that can initiate a TCP session with mmm\\_agentd can trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mysql-mmm:mysql_multi-master_replication_manager:2.2.1:*:*:*:*:linux:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-09T20:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14479", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\\_agentd process. An attacker that can initiate a TCP session with mmm\\_agentd can trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mysql-mmm:mysql_multi-master_replication_manager:2.2.1:*:*:*:*:solaris:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-09T20:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14480", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the MMM::Agent::Helpers::Network::clear_ip function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for FreeBSD), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\\_agentd process. An attacker that can initiate a TCP session with mmm\\_agentd can trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mysql-mmm:mysql_multi-master_replication_manager:2.2.1:*:*:*:*:freebsd:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-09T20:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14481", "ASSIGNER" : "talos-cna@cisco.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501", "name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0501", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the MMM::Agent::Helpers::Network::send_arp function in MySQL Multi-Master Replication Manager (MMM) mmm_agentd 2.2.1 (for Solaris), a specially crafted MMM protocol message can cause a shell command injection resulting in arbitrary command execution with the privileges of the mmm\\_agentd process. An attacker that can initiate a TCP session with mmm\\_agentd can trigger this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:mysql-mmm:mysql_multi-master_replication_manager:2.2.1:*:*:*:*:solaris:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-09T20:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14521", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://securitywarrior9.blogspot.in/2018/01/vulnerability-in-wonder-cms-leading-to.html", "name" : "https://securitywarrior9.blogspot.in/2018/01/vulnerability-in-wonder-cms-leading-to.html", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] }, { "url" : "https://securitywarrior9.blogspot.in/2018/01/vulnerability-in-wonder-cms-leading-to.html", "name" : "https://securitywarrior9.blogspot.in/2018/01/vulnerability-in-wonder-cms-leading-to.html", "refsource" : "", "tags" : [ "Exploit", "Technical Description", "Third Party Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/43963/", "name" : "43963", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/43963/", "name" : "43963", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In WonderCMS 2.3.1, the upload functionality accepts random application extensions and leads to malicious File Upload." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wondercms:wondercms:2.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wondercms:wondercms:2.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-26T20:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14522", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://securitywarrior9.blogspot.in/2018/01/stored-xss-in-wonder-cms.html", "name" : "https://securitywarrior9.blogspot.in/2018/01/stored-xss-in-wonder-cms.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://securitywarrior9.blogspot.in/2018/01/stored-xss-in-wonder-cms.html", "name" : "https://securitywarrior9.blogspot.in/2018/01/stored-xss-in-wonder-cms.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. NOTE: the vendor disputes this issue stating that this is a feature that enables only a logged in administrator to write execute JavaScript anywhere on their website" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wondercms:wondercms:2.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-26T20:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14523", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-74" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://securitywarrior9.blogspot.in/2018/01/host-header-injection-in-wonder-cms.html", "name" : "https://securitywarrior9.blogspot.in/2018/01/host-header-injection-in-wonder-cms.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://securitywarrior9.blogspot.in/2018/01/host-header-injection-in-wonder-cms.html", "name" : "https://securitywarrior9.blogspot.in/2018/01/host-header-injection-in-wonder-cms.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/43964/", "name" : "43964", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/43964/", "name" : "43964", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. It uses user-entered values to redirect pages. NOTE: the vendor reports that exploitation is unlikely because the attack can only come from a local machine or from the administrator as a self attack" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:wondercms:wondercms:2.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-26T20:29Z", "lastModifiedDate" : "2024-11-21T03:12Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14535", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-78" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/162854/Trixbox-2.8.0.4-Remote-Code-Execution.html", "name" : "http://packetstormsecurity.com/files/162854/Trixbox-2.8.0.4-Remote-Code-Execution.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/162854/Trixbox-2.8.0.4-Remote-Code-Execution.html", "name" : "http://packetstormsecurity.com/files/162854/Trixbox-2.8.0.4-Remote-Code-Execution.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103004", "name" : "103004", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103004", "name" : "103004", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/Hacker5preme/Exploits/tree/main/CVE-2017-14535-Exploit", "name" : "https://github.com/Hacker5preme/Exploits/tree/main/CVE-2017-14535-Exploit", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/Hacker5preme/Exploits/tree/main/CVE-2017-14535-Exploit", "name" : "https://github.com/Hacker5preme/Exploits/tree/main/CVE-2017-14535-Exploit", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/", "name" : "https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/", "name" : "https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://twitter.com/tiger_tigerboy/status/962689803270500352", "name" : "https://twitter.com/tiger_tigerboy/status/962689803270500352", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://twitter.com/tiger_tigerboy/status/962689803270500352", "name" : "https://twitter.com/tiger_tigerboy/status/962689803270500352", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.linkedin.com/pulse/trixbox-os-command-injection-vulnerability-sachin-wagh-ceh-ecsa-/?published=t", "name" : "https://www.linkedin.com/pulse/trixbox-os-command-injection-vulnerability-sachin-wagh-ceh-ecsa-/?published=t", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.linkedin.com/pulse/trixbox-os-command-injection-vulnerability-sachin-wagh-ceh-ecsa-/?published=t", "name" : "https://www.linkedin.com/pulse/trixbox-os-command-injection-vulnerability-sachin-wagh-ceh-ecsa-/?published=t", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netfortris:trixbox:2.8.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-16T04:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14536", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103009", "name" : "103009", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103009", "name" : "103009", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-cross-site-scripting-vulnerabilities/", "name" : "https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-cross-site-scripting-vulnerabilities/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-cross-site-scripting-vulnerabilities/", "name" : "https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-cross-site-scripting-vulnerabilities/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "trixbox 2.8.0.4 has XSS via the PATH_INFO to /maint/index.php or /user/includes/language/langChooser.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netfortris:trixbox:2.8.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-16T04:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14537", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-22" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://packetstormsecurity.com/files/162853/Trixbox-2.8.0.4-Path-Traversal.html", "name" : "http://packetstormsecurity.com/files/162853/Trixbox-2.8.0.4-Path-Traversal.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://packetstormsecurity.com/files/162853/Trixbox-2.8.0.4-Path-Traversal.html", "name" : "http://packetstormsecurity.com/files/162853/Trixbox-2.8.0.4-Path-Traversal.html", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103007", "name" : "103007", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103007", "name" : "103007", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/Hacker5preme/Exploits/tree/main/CVE-2017-14537-Exploit", "name" : "https://github.com/Hacker5preme/Exploits/tree/main/CVE-2017-14537-Exploit", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/Hacker5preme/Exploits/tree/main/CVE-2017-14537-Exploit", "name" : "https://github.com/Hacker5preme/Exploits/tree/main/CVE-2017-14537-Exploit", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/", "name" : "https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/", "name" : "https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netfortris:trixbox:2.8.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-16T04:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1459", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-732" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012331", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012331", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012331", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012331", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securitytracker.com/id/1040170", "name" : "1040170", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040170", "name" : "1040170", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128378", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128378", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128378", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128378", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 128378." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_web_8.0_firmware:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_access_manager_for_mobile:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_9.0_firmware:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.2, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.6, "impactScore" : 2.5 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.9 }, "severity" : "MEDIUM", "exploitabilityScore" : 6.8, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-10T17:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14592", "ASSIGNER" : "security@atlassian.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" }, { "lang" : "en", "value" : "CWE-77" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102926", "name" : "102926", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102926", "name" : "102926", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html", "name" : "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html", "name" : "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://jira.atlassian.com/browse/SRCTREE-5243", "name" : "https://jira.atlassian.com/browse/SRCTREE-5243", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://jira.atlassian.com/browse/SRCTREE-5243", "name" : "https://jira.atlassian.com/browse/SRCTREE-5243", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the system. From version 1.4.0 of Sourcetree for macOS, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for macOS starting with 1.0b2 before version 2.7.0 are affected by this vulnerability." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:atlassian:sourcetree:1.0:beta2:*:*:*:macos:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:atlassian:sourcetree:1.0:beta3:*:*:*:macos:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:atlassian:sourcetree:1.0:beta4:*:*:*:macos:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:atlassian:sourcetree:1.0:beta5:*:*:*:macos:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:atlassian:sourcetree:1.0:rc1:*:*:*:macos:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:macos:*:*", "versionStartIncluding" : "1.0", "versionEndExcluding" : "2.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-26T02:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14593", "ASSIGNER" : "security@atlassian.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" }, { "lang" : "en", "value" : "CWE-77" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102926", "name" : "102926", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102926", "name" : "102926", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html", "name" : "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html", "name" : "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://jira.atlassian.com/browse/SRCTREEWIN-8256", "name" : "https://jira.atlassian.com/browse/SRCTREEWIN-8256", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://jira.atlassian.com/browse/SRCTREEWIN-8256", "name" : "https://jira.atlassian.com/browse/SRCTREEWIN-8256", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Sourcetree for Windows had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system. From version 0.8.4b of Sourcetree for Windows, this vulnerability can be triggered from a webpage through the use of the Sourcetree URI handler. Versions of Sourcetree for Windows starting with 0.5.1.0 before version 2.4.7.0 are affected by this vulnerability" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:atlassian:sourcetree:*:*:*:*:*:windows:*:*", "versionStartIncluding" : "0.5.1.0", "versionEndExcluding" : "2.4.7.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-26T02:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14594", "ASSIGNER" : "security@atlassian.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://jira.atlassian.com/browse/JRASERVER-66495", "name" : "https://jira.atlassian.com/browse/JRASERVER-66495", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://jira.atlassian.com/browse/JRASERVER-66495", "name" : "https://jira.atlassian.com/browse/JRASERVER-66495", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jqlQuery query parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*", "versionEndExcluding" : "7.2.12", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:atlassian:jira_server:*:*:*:*:*:*:*:*", "versionStartIncluding" : "7.3.0", "versionEndExcluding" : "7.6.1", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-12T14:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14611", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-918" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/fulldisclosure/2018/Apr/15", "name" : "20180406 SSRF(Server Side Request Forgery) in Cockpit CMS 0.13.0 (CVE-2017-14611)", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2018/Apr/15", "name" : "20180406 SSRF(Server Side Request Forgery) in Cockpit CMS 0.13.0 (CVE-2017-14611)", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter, related to use of the discontinued aheinze/fetch_url_contents component." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:agentejo:cockpit:0.13.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 9.1, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 6.4 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-10T15:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14612", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-295" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.crissyfield.de/blog/2017/12/14/missing-certificate-validation/", "name" : "https://www.crissyfield.de/blog/2017/12/14/missing-certificate-validation/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.crissyfield.de/blog/2017/12/14/missing-certificate-validation/", "name" : "https://www.crissyfield.de/blog/2017/12/14/missing-certificate-validation/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "\"Shpock Boot Sale & Classifieds\" app before 3.17.0 -- aka shpock-boot-sale-classifieds/id557153158 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:shpock:shpock:*:*:*:*:*:iphone_os:*:*", "versionEndExcluding" : "3.17.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-12T16:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1462", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22013739", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22013739", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22013739", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22013739", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/103127", "name" : "103127", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103127", "name" : "103127", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040393", "name" : "1040393", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040393", "name" : "1040393", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128461", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128461", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128461", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128461", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128461." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:6.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-21T21:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14655", "ASSIGNER" : "psirt@forcepoint.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14656", "ASSIGNER" : "psirt@forcepoint.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14657", "ASSIGNER" : "psirt@forcepoint.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14658", "ASSIGNER" : "psirt@forcepoint.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14659", "ASSIGNER" : "psirt@forcepoint.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14660", "ASSIGNER" : "psirt@forcepoint.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14661", "ASSIGNER" : "psirt@forcepoint.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14662", "ASSIGNER" : "psirt@forcepoint.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14663", "ASSIGNER" : "psirt@forcepoint.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14664", "ASSIGNER" : "psirt@forcepoint.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14665", "ASSIGNER" : "psirt@forcepoint.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14666", "ASSIGNER" : "psirt@forcepoint.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14667", "ASSIGNER" : "psirt@forcepoint.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14668", "ASSIGNER" : "psirt@forcepoint.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14669", "ASSIGNER" : "psirt@forcepoint.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14670", "ASSIGNER" : "psirt@forcepoint.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14671", "ASSIGNER" : "psirt@forcepoint.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14672", "ASSIGNER" : "psirt@forcepoint.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14673", "ASSIGNER" : "psirt@forcepoint.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14674", "ASSIGNER" : "psirt@forcepoint.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14675", "ASSIGNER" : "psirt@forcepoint.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14676", "ASSIGNER" : "psirt@forcepoint.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14677", "ASSIGNER" : "psirt@forcepoint.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14678", "ASSIGNER" : "psirt@forcepoint.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14679", "ASSIGNER" : "psirt@forcepoint.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-03-05T20:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14698", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/", "name" : "https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/", "name" : "https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/", "name" : "https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/", "name" : "https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/", "refsource" : "", "tags" : [ "Broken Link" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary users via the http_passwd parameter to mod_login.asp." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:asus:dsl-ac51_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:asus:dsl-ac51:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:asus:dsl-ac52u_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:asus:dsl-ac52u:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:asus:dsl-ac55u_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:asus:dsl-ac55u:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:asus:dsl-n55u_c1_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:asus:dsl-n55u_c1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:asus:dsl-n55u_d1_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:asus:dsl-n55u_d1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:asus:dsl-ac56u_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:asus:dsl-ac56u:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:asus:dsl-n10_c1_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:asus:dsl-n10_c1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:asus:dsl-n12u_c1_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:asus:dsl-n12u_c1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:asus:dsl-n12e_c1_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:asus:dsl-n12e_c1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:asus:dsl-n14u_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:asus:dsl-n14u:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:asus:dsl-n14u-b1_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:asus:dsl-n14u-b1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:asus:dsl-n16_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:asus:dsl-n16:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:asus:dsl-n16u_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:asus:dsl-n16u:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:asus:dsl-n17u_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:asus:dsl-n17u:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:asus:dsl-n66u_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:asus:dsl-n66u:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:asus:dsl-ac750_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:asus:dsl-ac750:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-29T16:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14699", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-611" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/", "name" : "https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/", "name" : "https://www.asus.com/Networking/DSL-N14U-B1/HelpDesk_BIOS/", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/", "name" : "https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/", "name" : "https://www.securityartwork.es/2018/01/25/some-vulnerability-in-asus-routers/", "refsource" : "", "tags" : [ "Broken Link" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote authenticated users to read arbitrary files via a crafted DTD in (1) an UPDATEACCOUNT or (2) a PROPFIND request." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:asus:dsl-ac51_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:asus:dsl-ac51:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:asus:dsl-ac52u_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:asus:dsl-ac52u:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:asus:dsl-ac55u_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:asus:dsl-ac55u:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:asus:dsl-n55u_c1_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:asus:dsl-n55u_c1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:asus:dsl-n55u_d1_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:asus:dsl-n55u_d1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:asus:dsl-ac56u_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:asus:dsl-ac56u:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:asus:dsl-n10_c1_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:asus:dsl-n10_c1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:asus:dsl-n12u_c1_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:asus:dsl-n12u_c1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:asus:dsl-n12e_c1_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:asus:dsl-n12e_c1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:asus:dsl-n14u_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:asus:dsl-n14u:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:asus:dsl-n14u-b1_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:asus:dsl-n14u-b1:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:asus:dsl-n16_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:asus:dsl-n16:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:asus:dsl-n16u_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:asus:dsl-n16u:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:asus:dsl-n17u_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:asus:dsl-n17u:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:asus:dsl-n66u_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:asus:dsl-n66u:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:asus:dsl-ac750_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:asus:dsl-ac750:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-29T16:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14709", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" }, { "lang" : "en", "value" : "CWE-295" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.crissyfield.de/blog/2017/12/14/missing-certificate-validation/", "name" : "https://www.crissyfield.de/blog/2017/12/14/missing-certificate-validation/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.crissyfield.de/blog/2017/12/14/missing-certificate-validation/", "name" : "https://www.crissyfield.de/blog/2017/12/14/missing-certificate-validation/", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The komoot GmbH \"Komoot - Cycling & Hiking Maps\" app before 9.3.2 -- aka komoot-cycling-hiking-maps/id447374873 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:komoot:komoot:*:*:*:*:*:iphone_os:*:*", "versionEndExcluding" : "9.3.2", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.4, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-12T16:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14710", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-295" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.crissyfield.de/blog/2017/12/14/missing-certificate-validation/", "name" : "https://www.crissyfield.de/blog/2017/12/14/missing-certificate-validation/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://www.crissyfield.de/blog/2017/12/14/missing-certificate-validation/", "name" : "https://www.crissyfield.de/blog/2017/12/14/missing-certificate-validation/", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Shein Group Ltd. \"SHEIN - Fashion Shopping\" app -- aka shein fashion-shopping/id878577184 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:shein:shein-fashion_shopping_online:-:*:*:*:*:iphone_os:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-12T16:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14728", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-798" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.orpak.com/allproducts/siteomat-station-controller-sw/", "name" : "http://www.orpak.com/allproducts/siteomat-station-controller-sw/", "refsource" : "", "tags" : [ "Product", "Vendor Advisory" ] }, { "url" : "http://www.orpak.com/allproducts/siteomat-station-controller-sw/", "name" : "http://www.orpak.com/allproducts/siteomat-station-controller-sw/", "refsource" : "", "tags" : [ "Product", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/108167", "name" : "108167", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/108167", "name" : "108167", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An authentication bypass was found in an unknown area of the SiteOmat source code. All SiteOmat BOS versions are affected, prior to the submission of this exploit. Also, the SiteOmat does not force administrators to switch passwords, leaving SSH and HTTP remote authentication open to public." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:orpak:siteomat:*:*:*:*:*:*:*:*", "versionEndExcluding" : "6.4.414.084", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-06-03T19:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1473", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-326" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012268", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012268", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012268", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012268", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128605", "name" : "ibm-sam-cve20171473-info-disc(128605)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128605", "name" : "ibm-sam-cve20171473-info-disc(128605)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 through 9.0.3.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 128605." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_mobile:8.0.1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ibm:security_access_manager_appliance:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-23T13:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1474", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012329", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012329", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012329", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012329", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/104476", "name" : "104476", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/104476", "name" : "104476", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128606", "name" : "ibm-sam-cve20171474-info-disc(128606)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128606", "name" : "ibm-sam-cve20171474-info-disc(128606)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 128606." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.0.0", "versionEndIncluding" : "9.0.3.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_access_manager_for_mobile:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.0.0", "versionEndIncluding" : "8.0.1.6", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_access_manager_for_web:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.0.0", "versionEndIncluding" : "8.0.1.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_access_manager_for_web:*:*:*:*:*:*:*:*", "versionStartIncluding" : "7.0.0", "versionEndIncluding" : "7.0.0.32", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-06-06T17:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14740", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/faizzaidi/GeniXCMS-Version-1.1.0-Cross-Site-Scripting-XSS", "name" : "https://github.com/faizzaidi/GeniXCMS-Version-1.1.0-Cross-Site-Scripting-XSS", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/faizzaidi/GeniXCMS-Version-1.1.0-Cross-Site-Scripting-XSS", "name" : "https://github.com/faizzaidi/GeniXCMS-Version-1.1.0-Cross-Site-Scripting-XSS", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Cross-site scripting (XSS) vulnerability in GeniXCMS 1.1.0 allows remote authenticated users to inject arbitrary web script or HTML via the Menu ID when adding a menu." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:genixcms:genixcms:1.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.7, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-04-26T14:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14742", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.exploit-db.com/exploits/43236/", "name" : "43236", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/43236/", "name" : "43236", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Buffer overflow in LabF nfsAxe FTP client 3.7 allows an attacker to execute code remotely." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:labf:nfsaxe:3.7:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-10-25T22:15Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1476", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012310", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012310", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012310", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012310", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/104501", "name" : "104501", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/104501", "name" : "104501", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128610", "name" : "ibm-sam-cve20171476-info-disc(128610)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128610", "name" : "ibm-sam-cve20171476-info-disc(128610)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Security Access Manager Appliance 7.0.0, 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 128610." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.0.0", "versionEndIncluding" : "9.0.3.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_access_manager_for_web:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.0.0", "versionEndIncluding" : "8.0.1.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_access_manager_for_web:*:*:*:*:*:*:*:*", "versionStartIncluding" : "7.0.0", "versionEndIncluding" : "7.0.0.32", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_access_manager_for_mobile:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.0.0", "versionEndIncluding" : "8.0.1.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-06-06T17:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14776", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7502. Reason: This candidate is a reservation duplicate of CVE-2018-7502. Notes: All CVE users should reference CVE-2018-7502 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-05-22T20:29Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14777", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7502. Reason: This candidate is a reservation duplicate of CVE-2018-7502. Notes: All CVE users should reference CVE-2018-7502 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-05-22T20:29Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14778", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7502. Reason: This candidate is a reservation duplicate of CVE-2018-7502. Notes: All CVE users should reference CVE-2018-7502 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-05-22T20:29Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14779", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7502. Reason: This candidate is a reservation duplicate of CVE-2018-7502. Notes: All CVE users should reference CVE-2018-7502 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-05-22T20:29Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1478", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012323", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012323", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012323", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012323", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/102502", "name" : "102502", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102502", "name" : "102502", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040172", "name" : "1040172", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040172", "name" : "1040172", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128613", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128613", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128613", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128613", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Security Access Manager Appliance 9.0.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 128613." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_9.0_firmware:9.0.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ibm:security_access_manager:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 3.3, "baseSeverity" : "LOW" }, "exploitabilityScore" : 1.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-11T17:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14780", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7502. Reason: This candidate is a reservation duplicate of CVE-2018-7502. Notes: All CVE users should reference CVE-2018-7502 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-05-22T20:29Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14781", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7502. Reason: This candidate is a reservation duplicate of CVE-2018-7502. Notes: All CVE users should reference CVE-2018-7502 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-05-22T20:29Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14782", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7502. Reason: This candidate is a reservation duplicate of CVE-2018-7502. Notes: All CVE users should reference CVE-2018-7502 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-05-22T20:29Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14783", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7502. Reason: This candidate is a reservation duplicate of CVE-2018-7502. Notes: All CVE users should reference CVE-2018-7502 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-05-22T20:29Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14784", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7502. Reason: This candidate is a reservation duplicate of CVE-2018-7502. Notes: All CVE users should reference CVE-2018-7502 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-05-22T20:29Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14785", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7502. Reason: This candidate is a reservation duplicate of CVE-2018-7502. Notes: All CVE users should reference CVE-2018-7502 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-05-22T20:29Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14786", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7502. Reason: This candidate is a reservation duplicate of CVE-2018-7502. Notes: All CVE users should reference CVE-2018-7502 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-05-22T20:29Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14787", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7502. Reason: This candidate is a reservation duplicate of CVE-2018-7502. Notes: All CVE users should reference CVE-2018-7502 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-05-22T20:29Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14788", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7502. Reason: This candidate is a reservation duplicate of CVE-2018-7502. Notes: All CVE users should reference CVE-2018-7502 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-05-22T20:29Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14789", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7502. Reason: This candidate is a reservation duplicate of CVE-2018-7502. Notes: All CVE users should reference CVE-2018-7502 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-05-22T20:29Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14790", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7502. Reason: This candidate is a reservation duplicate of CVE-2018-7502. Notes: All CVE users should reference CVE-2018-7502 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-05-22T20:29Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14791", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7502. Reason: This candidate is a reservation duplicate of CVE-2018-7502. Notes: All CVE users should reference CVE-2018-7502 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-05-22T20:29Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14792", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7502. Reason: This candidate is a reservation duplicate of CVE-2018-7502. Notes: All CVE users should reference CVE-2018-7502 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-05-22T20:29Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14793", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7502. Reason: This candidate is a reservation duplicate of CVE-2018-7502. Notes: All CVE users should reference CVE-2018-7502 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-05-22T20:29Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14794", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7502. Reason: This candidate is a reservation duplicate of CVE-2018-7502. Notes: All CVE users should reference CVE-2018-7502 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2018-05-22T20:29Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14798", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-362" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.suse.com/pipermail/sle-security-updates/2017-November/003420.html", "name" : "SUSE-SU-2017:3107", "refsource" : "", "tags" : [ ] }, { "url" : "http://lists.suse.com/pipermail/sle-security-updates/2017-November/003420.html", "name" : "SUSE-SU-2017:3107", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1062722", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1062722", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1062722", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1062722", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.exploit-db.com/exploits/45184/", "name" : "45184", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.exploit-db.com/exploits/45184/", "name" : "45184", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.suse.com/de-de/security/cve/CVE-2017-14798/", "name" : "https://www.suse.com/de-de/security/cve/CVE-2017-14798/", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.suse.com/de-de/security/cve/CVE-2017-14798/", "name" : "https://www.suse.com/de-de/security/cve/CVE-2017-14798/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "versionEndExcluding" : "9.4-0.5.3.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp3:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.0, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.0, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 6.9 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.4, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-01T20:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14799", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.novell.com/support/kb/doc.php?id=7022358", "name" : "https://www.novell.com/support/kb/doc.php?id=7022358", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.novell.com/support/kb/doc.php?id=7022358", "name" : "https://www.novell.com/support/kb/doc.php?id=7022358", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A cross site scripting attack in handling the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to inject javascript code into the login page." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netiq:access_manager:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.3.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-03-01T20:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1480", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-532" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012309", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012309", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012309", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012309", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/104471", "name" : "104471", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/104471", "name" : "104471", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128617", "name" : "ibm-sam-cve20171480-info-disc(128617)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128617", "name" : "ibm-sam-cve20171480-info-disc(128617)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6, and 9.0.0 through 9.0.3.1 stores potentially sensitive information in log files that could be read by a remote user. IBM X-Force ID: 128617." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_access_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.0.0", "versionEndIncluding" : "9.0.3.1", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_access_manager_for_web:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.0.0", "versionEndIncluding" : "8.0.1.6", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_access_manager_for_mobile:*:*:*:*:*:*:*:*", "versionStartIncluding" : "8.0.0", "versionEndIncluding" : "8.0.1.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-06-06T17:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14800", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.novell.com/support/kb/doc.php?id=7022356", "name" : "https://www.novell.com/support/kb/doc.php?id=7022356", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.novell.com/support/kb/doc.php?id=7022356", "name" : "https://www.novell.com/support/kb/doc.php?id=7022356", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the \"typecontainerid\" parameter of the policy editor could allowed code injection into pages of authenticated users." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netiq:access_manager:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.3.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-03-01T20:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14801", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.novell.com/support/kb/doc.php?id=7022357", "name" : "https://www.novell.com/support/kb/doc.php?id=7022357", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.novell.com/support/kb/doc.php?id=7022357", "name" : "https://www.novell.com/support/kb/doc.php?id=7022357", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netiq:access_manager:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.3.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-03-02T20:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14802", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-601" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.novell.com/support/kb/doc.php?id=7022360", "name" : "https://www.novell.com/support/kb/doc.php?id=7022360", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.novell.com/support/kb/doc.php?id=7022360", "name" : "https://www.novell.com/support/kb/doc.php?id=7022360", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netiq:access_manager:*:*:*:*:*:*:*:*", "versionEndIncluding" : "4.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-03-02T20:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14803", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://www.novell.com/support/kb/doc.php?id=7022443", "name" : "https://www.novell.com/support/kb/doc.php?id=7022443", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.novell.com/support/kb/doc.php?id=7022443", "name" : "https://www.novell.com/support/kb/doc.php?id=7022443", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server when accessing a basic SSO connector and downloading the BasicSSO connector plugins on IE11 where an attacker can execute arbitrary code on the system." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netiq:access_manager:4.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netiq:access_manager:4.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-20T00:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14804", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00024.html", "name" : "SUSE-SU-2017:3253", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00024.html", "name" : "SUSE-SU-2017:3253", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00025.html", "name" : "openSUSE-SU-2017:3259", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00025.html", "name" : "openSUSE-SU-2017:3259", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00030.html", "name" : "SUSE-SU-2018:0065", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00030.html", "name" : "SUSE-SU-2018:0065", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp3:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-01T20:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14806", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-295" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1065397", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1065397", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1065397", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1065397", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A Improper Certificate Validation vulnerability in susestudio-common of SUSE Studio onsite allows remote attackers to MITM connections to the repositories, which allows the modification of packages received over these connections. This issue affects: SUSE Studio onsite susestudio-common version 1.3.17-56.6.3 and prior versions." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:suse:studio_onsite:1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:suse:susestudio-ui-server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.3.17-56.6.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-27T10:15Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14807", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1065396", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1065396", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugzilla.suse.com/show_bug.cgi?id=1065396", "name" : "https://bugzilla.suse.com/show_bug.cgi?id=1065396", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susestudio-ui-server of SUSE Studio onsite allows remote attackers with admin privileges in Studio to alter SQL statements, allowing for extraction and modification of data. This issue affects: SUSE Studio onsite susestudio-ui-server version 1.3.17-56.6.3 and prior versions." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:suse:studio_onsite:1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:suse:susestudio-ui-server:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.3.17-56.6.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 4.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2020-01-27T10:15Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14808", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-01-02T19:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14809", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-01-02T19:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14810", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-01-02T19:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14811", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-01-02T19:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14812", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-01-02T19:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14813", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-01-02T19:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14814", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-01-02T19:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14815", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-01-02T19:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14816", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-01-02T19:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14817", "ASSIGNER" : "security@opentext.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2019-01-02T19:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14850", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/108167", "name" : "108167", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/108167", "name" : "108167", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://www.orpak.com", "name" : "https://www.orpak.com", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.orpak.com", "name" : "https://www.orpak.com", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "All known versions of the Orpak SiteOmat web management console is vulnerable to multiple instances of Stored Cross-site Scripting due to improper external user-input validation. An attacker with access to the web interface is able to hijack sessions or navigate victims outside of SiteOmat, to a malicious server owned by him." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:orpak:siteomat:*:*:*:*:*:*:*:*", "versionEndExcluding" : "6.4.414.084", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-06-03T19:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14851", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/108167", "name" : "108167", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/108167", "name" : "108167", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://www.orpak.com", "name" : "https://www.orpak.com", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.orpak.com", "name" : "https://www.orpak.com", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A SQL injection vulnerability exists in all Orpak SiteOmat versions prior to 2017-09-25. The vulnerability is in the login page, where the authentication validation process contains an insecure SELECT query. The attack allows for authentication bypass." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:orpak:siteomat:*:*:*:*:*:*:*:*", "versionEndExcluding" : "6.4.414.084", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-06-03T19:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14852", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-310" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.orpak.com", "name" : "http://www.orpak.com", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.orpak.com", "name" : "http://www.orpak.com", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/108167", "name" : "108167", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/108167", "name" : "108167", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SSL certificate. The attack allows for an eavesdropper to capture the communication and decrypt the data." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:orpak:siteomat:*:*:*:*:*:*:*:*", "versionEndExcluding" : "6.4.414.084", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-06-03T19:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14853", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-94" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/108167", "name" : "108167", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/108167", "name" : "108167", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://www.orpak.com", "name" : "https://www.orpak.com", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.orpak.com", "name" : "https://www.orpak.com", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Orpak SiteOmat OrCU component is vulnerable to code injection, for all versions prior to 2017-09-25, due to a search query that uses a direct shell command. By tampering with the request, an attacker is able to run shell commands and receive valid output from the device." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:orpak:siteomat:*:*:*:*:*:*:*:*", "versionEndExcluding" : "6.4.414.122", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-06-03T19:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14854", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.orpak.com", "name" : "http://www.orpak.com", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.orpak.com", "name" : "http://www.orpak.com", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/108167", "name" : "108167", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/108167", "name" : "108167", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] }, { "url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01", "name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-122-01", "refsource" : "", "tags" : [ "Third Party Advisory", "US Government Resource" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A stack buffer overflow exists in one of the Orpak SiteOmat CGI components, allowing for remote code execution. The vulnerability affects all versions prior to 2017-09-25." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:orpak:siteomat:*:*:*:*:*:*:*:*", "versionEndExcluding" : "6.4.414.122", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-06-03T20:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1486", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22014202", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22014202", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22014202", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22014202", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128624", "name" : "ibm-cognos-cve20171486-xss(128624)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128624", "name" : "ibm-cognos-cve20171486-xss(128624)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128624." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:cognos_business_intelligence:10.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:cognos_business_intelligence:10.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:cognos_business_intelligence:10.2.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:cognos_business_intelligence:10.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-23T13:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14869", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while performing update of FOTA partition, uninitialized data can be pushed to storage." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-10T22:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14870", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while updating the recovery message for eMMC devices, 1088 bytes of stack memory can potentially be leaked." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-10T22:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14872", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components", "name" : "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components", "name" : "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=1daa83baa41d1e6291e89f69e6487695b6890c01", "name" : "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=1daa83baa41d1e6291e89f69e6487695b6890c01", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=1daa83baa41d1e6291e89f69e6487695b6890c01", "name" : "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=1daa83baa41d1e6291e89f69e6487695b6890c01", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "While flashing a meta image, a buffer over-read can potentially occur when the number of images are out of the maximum range of 32 in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-06T17:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14873", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the pp_pgc_get_config() graphics driver function, a kernel memory overwrite can potentially occur." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-10T22:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14874", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2021-11-23T21:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14875", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" }, { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=755261330733bb2440907a8407ed691c99451ddc", "name" : "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=755261330733bb2440907a8407ed691c99451ddc", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=755261330733bb2440907a8407ed691c99451ddc", "name" : "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=755261330733bb2440907a8407ed691c99451ddc", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the handler for the ioctl command VIDIOC_MSM_ISP_DUAL_HW_LPM_MODE in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-05-23, a heap overread vulnerability exists." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-30T21:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14876", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=f26dbd9d9491333766ba383044064b1304127ac0", "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=f26dbd9d9491333766ba383044064b1304127ac0", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=f26dbd9d9491333766ba383044064b1304127ac0", "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=f26dbd9d9491333766ba383044064b1304127ac0", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In msm_ispif_config_stereo() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-21, the parameter params->entries[i].vfe_intf comes from userspace without any bounds check which could potentially result in a kernel out-of-bounds write." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-30T21:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14877", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=ca395c15c49cf6463a39d197b6a9331d183d94cb", "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=ca395c15c49cf6463a39d197b6a9331d183d94cb", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=ca395c15c49cf6463a39d197b6a9331d183d94cb", "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=ca395c15c49cf6463a39d197b6a9331d183d94cb", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "While the IPA driver in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-08-31 is processing IOCTL commands there is no mutex lock of allocated memory. If one thread sends an ioctl cmd IPA_IOC_QUERY_RT_TBL_INDEX while another sends an ioctl cmd IPA_IOC_DEL_RT_RULE, a use-after-free condition may occur." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-30T21:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14878", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103254", "name" : "103254", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103254", "name" : "103254", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=27f1c544d6737bcb3dc4bb114badcd47ce946a8b", "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=27f1c544d6737bcb3dc4bb114badcd47ce946a8b", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=27f1c544d6737bcb3dc4bb114badcd47ce946a8b", "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=27f1c544d6737bcb3dc4bb114badcd47ce946a8b", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a length variable which is used to copy data has a size of only 8 bits and can be exceeded resulting in a denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-15T21:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14879", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, by calling an IPA ioctl and searching for routing/filer/hdr rule handle from ipa_idr pointer using ipa_idr_find() function, the wrong structure pointer can be returned resulting in a slab out of bound access in the IPA driver." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-10T22:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1488", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128627", "name" : "ibm-jazz-cve20171488-info-disc(128627)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128627", "name" : "ibm-jazz-cve20171488-info-disc(128627)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://www-prd-trops.events.ibm.com/node/715709", "name" : "https://www-prd-trops.events.ibm.com/node/715709", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://www-prd-trops.events.ibm.com/node/715709", "name" : "https://www-prd-trops.events.ibm.com/node/715709", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An undisclosed vulnerability in Jazz common products exists with potential for information disclosure. IBM X-Force ID: 128627." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0.0", "versionEndIncluding" : "6.0.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0.0", "versionEndIncluding" : "6.0.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0.0", "versionEndIncluding" : "6.0.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0.0", "versionEndIncluding" : "6.0.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0.0", "versionEndIncluding" : "6.0.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0.0", "versionEndIncluding" : "6.0.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-06T14:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14880", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-362" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while IPA WAN-driver is processing multiple requests from modem/user-space module, the global variable \"num_q6_rule\" does not have a mutex lock and thus can be accessed and modified by multiple threads." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-03T17:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14881", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=81ea9c34f575422a78015535c619500c34b8a69c", "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=81ea9c34f575422a78015535c619500c34b8a69c", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=81ea9c34f575422a78015535c619500c34b8a69c", "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=81ea9c34f575422a78015535c619500c34b8a69c", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "While calling the IPA IOCTL handler for IPA_IOC_ADD_HDR_PROC_CTX in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-13, a use-after-free condition may potentially occur." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-30T21:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14882", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" }, { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103254", "name" : "103254", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103254", "name" : "103254", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=cd10091f03f6255a47d7146eea5738f1f4ceea35", "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=cd10091f03f6255a47d7146eea5738f1f4ceea35", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=cd10091f03f6255a47d7146eea5738f1f4ceea35", "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=cd10091f03f6255a47d7146eea5738f1f4ceea35", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing VENDOR specific action frame in the function lim_process_action_vendor_specific(), a comparison is performed with the incoming action frame body without validating if the action frame body received is of valid length, potentially leading to an out-of-bounds access." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-15T21:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14883", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=3de34af4e2ca91e1a2260deb380b81620a631c85", "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=3de34af4e2ca91e1a2260deb380b81620a631c85", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=3de34af4e2ca91e1a2260deb380b81620a631c85", "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=3de34af4e2ca91e1a2260deb380b81620a631c85", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the function wma_unified_power_debug_stats_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-18, if the value param_buf->num_debug_register received from the FW command buffer is close to max of uint32, then the computation performed using this variable to calculate stats_registers_len may overflow to a smaller value leading to less than required memory allocated for power_stats_results and potentially a buffer overflow while copying the FW buffer to local buffer." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-30T21:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14884", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102974", "name" : "102974", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102974", "name" : "102974", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-02-01", "name" : "https://source.android.com/security/bulletin/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-02-01", "name" : "https://source.android.com/security/bulletin/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, due to lack of bounds checking on the variable \"data_len\" from the function WLANQCMBR_McProcessMsg, a buffer overflow may potentially occur in WLANFTM_McProcessMsg." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-23T23:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14885", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103254", "name" : "103254", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103254", "name" : "103254", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-03-01", "name" : "https://source.android.com/security/bulletin/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=44e992e169dbd601f95e845961cb2181b167a553", "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=44e992e169dbd601f95e845961cb2181b167a553", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=44e992e169dbd601f95e845961cb2181b167a553", "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=44e992e169dbd601f95e845961cb2181b167a553", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, wma_unified_link_peer_stats_event_handler function has a variable num_rates which represents the sum of all the peer_stats->num_rates. The current behavior in this function is to validate only the num_rates of the first peer stats (peer_stats->num_rates) against WMA_SVC_MSG_MAX_SIZE, but not the sum of all the peer's num_rates (num_rates) which may lead to a buffer overflow when the firmware buffer is copied in to the allocated buffer (peer_stats) as the size for the memory allocation - link_stats_results_size is based on num_rates." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-15T21:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14887", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" }, { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=4ce28e7c85f89e2c3555ec840b6adda47bd5dab0", "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=4ce28e7c85f89e2c3555ec840b6adda47bd5dab0", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=4ce28e7c85f89e2c3555ec840b6adda47bd5dab0", "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=4ce28e7c85f89e2c3555ec840b6adda47bd5dab0", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the processing of messages of type eWNI_SME_MODIFY_ADDITIONAL_IES, an integer overflow leading to heap buffer overflow may potentially occur." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-16T22:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14888", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-11-01#qualcomm-components", "name" : "https://source.android.com/security/bulletin/pixel/2018-11-01#qualcomm-components", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-11-01#qualcomm-components", "name" : "https://source.android.com/security/bulletin/pixel/2018-11-01#qualcomm-components", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2", "name" : "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2", "name" : "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Userspace can pass IEs to the host driver and if multiple append commands are received, then the integer variable that stores the length can overflow and the subsequent copy of the IE data may potentially lead to a heap buffer overflow." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-12-07T14:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14889", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-129" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=e11e9dc8298dc0632050cacce96e9652d017f755", "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=e11e9dc8298dc0632050cacce96e9652d017f755", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=e11e9dc8298dc0632050cacce96e9652d017f755", "name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=e11e9dc8298dc0632050cacce96e9652d017f755", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, due to the lack of a range check on the array index into the WMI descriptor pool, arbitrary address execution may potentially occur in the process mgmt completion handler." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-16T22:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14890", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the processing of an SWBA event, the vdev_map value is not properly validated leading to a potential buffer overwrite in function wma_send_bcn_buf_ll()." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 7.3, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-03T17:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14891", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=736667bf08b03fdca824e88b901c2dbdd6703a0c", "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=736667bf08b03fdca824e88b901c2dbdd6703a0c", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=736667bf08b03fdca824e88b901c2dbdd6703a0c", "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=736667bf08b03fdca824e88b901c2dbdd6703a0c", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the KGSL driver function _gpuobj_map_useraddr() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-12, the contents of the stack can get leaked due to an uninitialized variable." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-30T21:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14892", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=a3bed71777c133cfec78b5140877c6ba109961a0", "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=a3bed71777c133cfec78b5140877c6ba109961a0", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=a3bed71777c133cfec78b5140877c6ba109961a0", "name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=a3bed71777c133cfec78b5140877c6ba109961a0", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In the function msm_pcm_hw_params() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-09-19, the return value of q6asm_open_shared_io() is not checked properly potentially leading to a possible dangling pointer access." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-30T21:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14893", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components", "name" : "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components", "name" : "https://source.android.com/security/bulletin/pixel/2018-06-01#qualcomm-components", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=c8dc3bf07ee909e6e57ad7887f9d3c0ffa5df795", "name" : "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=c8dc3bf07ee909e6e57ad7887f9d3c0ffa5df795", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=c8dc3bf07ee909e6e57ad7887f9d3c0ffa5df795", "name" : "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=c8dc3bf07ee909e6e57ad7887f9d3c0ffa5df795", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "While flashing meta image, a buffer over-read may potentially occur when the image size is smaller than the image header size or is smaller than the image header size + total image header entry in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-06T17:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14894", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in wma_vdev_start_resp_handler(), vdev id is received from firmware as part of WMI_VDEV_START_RESP_EVENTID. This vdev id can be greater than max bssid stored in wma handle and this would result in buffer overwrite while accessing wma_handle->interfaces[vdev_id]." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "LOW", "baseScore" : 7.3, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-03T17:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14906", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102386", "name" : "102386", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102386", "name" : "102386", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, PKCS7 padding is not supported by the crypto storage APIs." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-30T15:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14910", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.android.com/security/bulletin/2018-02-01", "name" : "https://source.android.com/security/bulletin/2018-02-01", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-02-01", "name" : "https://source.android.com/security/bulletin/2018-02-01", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Snapdragon Automobile, Snapdragon IoT and Snapdragon Mobile MDM9206 MDM9607, MDM9650, S820A, S820Am, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 835, and SD 845, a buffer overread is possible if there are no newlines in an input file." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:s820a_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:s820a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:s820am_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:s820am:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-23T23:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14911", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102386", "name" : "102386", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102386", "name" : "102386", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile, Snapdragon Automobile APQ8096AU, MDM9206, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 625, SD 650/52, SD 820, SD 835, it is possible for the XBL loader to skip the authentication of device config." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:apq8096au_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:apq8096au:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8996au:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-30T15:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14912", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102386", "name" : "102386", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102386", "name" : "102386", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile [VERSION]: MDM9206, MDM9607, MDM9650, MSM8909W, SD 200, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 835, the attributes of buffers in Secure Display were not marked properly." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-30T15:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14913", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102386", "name" : "102386", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102386", "name" : "102386", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, SD 625, SD 650/52, SD 835, SD 845, DDR address input validation is being improperly truncated." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-30T15:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14915", "ASSIGNER" : "security.cna@qualcomm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102386", "name" : "102386", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102386", "name" : "102386", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040106", "name" : "1040106", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://source.android.com/security/bulletin/2018-01-01", "name" : "https://source.android.com/security/bulletin/2018-01-01", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In Android before 2018-01-05 on Qualcomm Snapdragon Mobile SD 625, SD 650/52, SD 835, accessing SPCOM functions with a compromised client structure can result in a Use After Free condition." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 10.0 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-30T15:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1493", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-269" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=swg2C1000367", "name" : "http://www.ibm.com/support/docview.wss?uid=swg2C1000367", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=swg2C1000367", "name" : "http://www.ibm.com/support/docview.wss?uid=swg2C1000367", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/102483", "name" : "102483", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102483", "name" : "102483", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128691", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128691", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128691", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/128691", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM UrbanCode Deploy (UCD) 6.1 and 6.2 could allow an authenticated user to edit objects that they should not have access to due to improper access controls. IBM X-Force ID: 128691." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.2.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.201:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.2.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.2.1.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.2.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.1.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.1.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.2.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.2.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.2.4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.2.4.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.2.5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.2.5.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.2.5.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.2.6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.2.6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.2.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.2.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:urbancode_deploy:6.1.3.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.5 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-09T20:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14948", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-120" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://github.com/badnack/d_link_880_bug/blob/master/README.md", "name" : "https://github.com/badnack/d_link_880_bug/blob/master/README.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] }, { "url" : "https://github.com/badnack/d_link_880_bug/blob/master/README.md", "name" : "https://github.com/badnack/d_link_880_bug/blob/master/README.md", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Certain D-Link products are affected by: Buffer Overflow. This affects DIR-880L 1.08B04 and DIR-895 L/R 1.13b03. The impact is: execute arbitrary code (remote). The component is: htdocs/fileaccess.cgi. The attack vector is: A crafted HTTP request handled by fileacces.cgi could allow an attacker to mount a ROP attack: if the HTTP header field CONTENT_TYPE starts with ''boundary=' followed by more than 256 characters, a buffer overflow would be triggered, potentially causing code execution." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-868l_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-868l:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-890l_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-890l:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-885l_firmware:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-885l:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-895l_firmware:1.13b03:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-895l:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-880l_firmware:1.08b04:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-880l:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:dlink:dir-895r_firmware:1.13b03:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:dlink:dir-895r:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-10-14T18:15Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14960", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/fulldisclosure/2018/Jan/6", "name" : "20180102 EMC xDashboard - SQL Injection Vulnerability", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/fulldisclosure/2018/Jan/6", "name" : "20180102 EMC xDashboard - SQL Injection Vulnerability", "refsource" : "", "tags" : [ "Exploit", "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/102419", "name" : "102419", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102419", "name" : "102419", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/43422/", "name" : "43422", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/43422/", "name" : "43422", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "xDashboard in OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 has SQL Injection." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:opentext:document_sciences_xpression:*:sp1_p13:*:*:*:*:*:*", "versionEndIncluding" : "4.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-04T17:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1499", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-434" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012781", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012781", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012781", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012781", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129106", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129106", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129106", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129106", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker to include arbitrary files, which could allow the attacker to execute arbitrary code on the vulnerable Web server. IBM X-Force ID: 129106." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:maximo_asset_management:7.5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:maximo_asset_management:7.6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:maximo_asset_management_essentials:7.5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-14T15:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-14993", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-425" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugs.oxid-esales.com/view.php?id=6678", "name" : "https://bugs.oxid-esales.com/view.php?id=6678", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://bugs.oxid-esales.com/view.php?id=6678", "name" : "https://bugs.oxid-esales.com/view.php?id=6678", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://oxidforge.org/en/security-bulletin-2017-002.html", "name" : "https://oxidforge.org/en/security-bulletin-2017-002.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://oxidforge.org/en/security-bulletin-2017-002.html", "name" : "https://oxidforge.org/en/security-bulletin-2017-002.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "OXID eShop Community Edition before 6.0.0 RC3 (development), 4.10.x before 4.10.6 (maintenance), and 4.9.x before 4.9.11 (legacy), Enterprise Edition before 6.0.0 RC3 (development), 5.2.x before 5.2.11 (legacy), and 5.3.x before 5.3.6 (maintenance), and Professional Edition before 6.0.0 RC3 (development), 4.9.x before 4.9.11 (legacy) and 4.10.x before 4.10.6 (maintenance) allow remote attackers to crawl specially crafted URLs (aka \"forced browsing\") in order to overflow the database of the shop and consequently make it stop working. Prerequisite: the shop allows rendering empty categories to the storefront via an admin option." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oxid-esales:eshop:6.0.0:rc1:*:*:community:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oxid-esales:eshop:6.0.0:rc1:*:*:professional:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oxid-esales:eshop:6.0.0:rc1:*:*:enterprise:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oxid-esales:eshop:6.0.0:rc2:*:*:enterprise:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oxid-esales:eshop:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "5.3.0", "versionEndExcluding" : "5.3.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oxid-esales:eshop:*:*:*:*:enterprise:*:*:*", "versionStartIncluding" : "5.2.0", "versionEndExcluding" : "5.2.11", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oxid-esales:eshop:6.0.0:rc2:*:*:professional:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oxid-esales:eshop:*:*:*:*:professional:*:*:*", "versionStartIncluding" : "4.9.0", "versionEndExcluding" : "4.9.11", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oxid-esales:eshop:*:*:*:*:professional:*:*:*", "versionStartIncluding" : "4.10.0", "versionEndExcluding" : "4.10.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oxid-esales:eshop:6.0.0:rc2:*:*:community:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oxid-esales:eshop:*:*:*:*:community:*:*:*", "versionStartIncluding" : "4.10.0", "versionEndExcluding" : "4.10.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oxid-esales:eshop:*:*:*:*:community:*:*:*", "versionStartIncluding" : "4.9.0", "versionEndExcluding" : "4.9.11", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-20T23:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15029", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-918" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://open-xchange.com", "name" : "http://open-xchange.com", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "http://open-xchange.com", "name" : "http://open-xchange.com", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "http://ox.com", "name" : "http://ox.com", "refsource" : "", "tags" : [ "Broken Link", "Not Applicable" ] }, { "url" : "http://ox.com", "name" : "http://ox.com", "refsource" : "", "tags" : [ "Broken Link", "Not Applicable" ] }, { "url" : "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html", "name" : "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html", "name" : "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "versionEndIncluding" : "7.8.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-05-23T15:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15030", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://open-xchange.com", "name" : "http://open-xchange.com", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "http://open-xchange.com", "name" : "http://open-xchange.com", "refsource" : "", "tags" : [ "Product" ] }, { "url" : "http://ox.com", "name" : "http://ox.com", "refsource" : "", "tags" : [ "Broken Link", "Not Applicable" ] }, { "url" : "http://ox.com", "name" : "http://ox.com", "refsource" : "", "tags" : [ "Broken Link", "Not Applicable" ] }, { "url" : "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html", "name" : "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html", "name" : "https://documentation.open-xchange.com/7.8.3/release-notes/release-notes.html", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:open-xchange:open-xchange_appsuite:*:*:*:*:*:*:*:*", "versionEndIncluding" : "7.8.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2019-05-23T15:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15031", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/106271", "name" : "106271", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/106271", "name" : "106271", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Advisory-TFV-5", "name" : "https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Advisory-TFV-5", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Advisory-TFV-5", "name" : "https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Advisory-TFV-5", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:arm:arm-trusted-firmware:*:*:*:*:*:*:*:*", "versionEndIncluding" : "1.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-12-18T16:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15043", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/swi-psa-2018-003-technical-bulletin-reaper/", "name" : "https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/swi-psa-2018-003-technical-bulletin-reaper/", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] }, { "url" : "https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/swi-psa-2018-003-technical-bulletin-reaper/", "name" : "https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/swi-psa-2018-003-technical-bulletin-reaper/", "refsource" : "", "tags" : [ "Mitigation", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and LS300 routers with firmware before 4.4.5 and GX450, ES450, RV50, RV50X, MP70, and MP70E routers with firmware before 4.9 could allow an authenticated remote attacker to execute arbitrary code and gain full control of an affected system, including issuing commands with root privileges. This vulnerability is due to insufficient input validation on user-controlled input in an HTTP request to the targeted device. An attacker in possession of router login credentials could exploit this vulnerability by sending a crafted HTTP request to an affected system." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sierrawireless:gx440_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.4.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:sierrawireless:gx440:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sierrawireless:es440_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.4.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:sierrawireless:es440:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sierrawireless:ls300_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.4.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:sierrawireless:ls300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sierrawireless:gx400_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.4.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:sierrawireless:gx400:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sierrawireless:es450_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.9", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:sierrawireless:es450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sierrawireless:rv50_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.9", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:sierrawireless:rv50:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sierrawireless:rv50x_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.9", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:sierrawireless:rv50x:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sierrawireless:mp70_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.9", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:sierrawireless:mp70:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sierrawireless:mp70e_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.9", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:sierrawireless:mp70e:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:sierrawireless:gx450_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.9", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:sierrawireless:gx450:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.0 }, "severity" : "HIGH", "exploitabilityScore" : 8.0, "impactScore" : 10.0, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-05-04T20:29Z", "lastModifiedDate" : "2024-11-21T03:13Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1506", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012623", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012623", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012623", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012623", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/102892", "name" : "102892", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102892", "name" : "102892", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040302", "name" : "1040302", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040302", "name" : "1040302", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129617", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129617", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129617", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129617", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Cognos TM1 10.2 and 10.2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129617." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:cognos_tm1:10.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:cognos_tm1:10.2:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-26T21:29Z", "lastModifiedDate" : "2024-11-21T03:21Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15064", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue associated with the originally named downstream provider. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-10-06T17:29Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15065", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue associated with the originally named downstream provider. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-10-06T17:29Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15066", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue associated with the originally named downstream provider. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-10-06T17:29Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15067", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue associated with the originally named downstream provider. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-10-06T17:29Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15068", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue associated with the originally named downstream provider. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-10-06T17:29Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15069", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue associated with the originally named downstream provider. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-10-06T17:29Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15070", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue associated with the originally named downstream provider. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-10-06T17:29Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15071", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue associated with the originally named downstream provider. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-10-06T17:29Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15072", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue associated with the originally named downstream provider. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-10-06T17:29Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15073", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue associated with the originally named downstream provider. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-10-06T17:29Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15074", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue associated with the originally named downstream provider. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-10-06T17:29Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15075", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue associated with the originally named downstream provider. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-10-06T17:29Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15076", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue associated with the originally named downstream provider. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-10-06T17:29Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15077", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue associated with the originally named downstream provider. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-10-06T17:29Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15078", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue associated with the originally named downstream provider. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-10-06T17:29Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15083", "ASSIGNER" : "cve@mitre.org" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-1642. Reason: This candidate is a reservation duplicate of CVE-2009-1642.2. Notes: All CVE users should reference CVE-2009-1642 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-10-11T18:29Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15089", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-502" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securitytracker.com/id/1040360", "name" : "1040360", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040360", "name" : "1040360", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0294", "name" : "RHSA-2018:0294", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0294", "name" : "RHSA-2018:0294", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0478", "name" : "RHSA-2018:0478", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0478", "name" : "RHSA-2018:0478", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0479", "name" : "RHSA-2018:0479", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0479", "name" : "RHSA-2018:0479", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0480", "name" : "RHSA-2018:0480", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0480", "name" : "RHSA-2018:0480", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0481", "name" : "RHSA-2018:0481", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0481", "name" : "RHSA-2018:0481", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0501", "name" : "RHSA-2018:0501", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0501", "name" : "RHSA-2018:0501", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2019:1326", "name" : "RHSA-2019:1326", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2019:1326", "name" : "RHSA-2019:1326", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/infinispan/infinispan/pull/5639", "name" : "https://github.com/infinispan/infinispan/pull/5639", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/infinispan/infinispan/pull/5639", "name" : "https://github.com/infinispan/infinispan/pull/5639", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:infinispan:infinispan:9.2.0:cr1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:infinispan:infinispan:9.2.0:beta2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:infinispan:infinispan:9.2.0:beta1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:infinispan:infinispan:9.2.0:alpha2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:infinispan:infinispan:9.2.0:alpha1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:infinispan:infinispan:*:*:*:*:*:*:*:*", "versionEndIncluding" : "9.1.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T17:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1509", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129719", "name" : "ibm-jazz-cve20171509-info-disc(129719)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129719", "name" : "ibm-jazz-cve20171509-info-disc(129719)", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://www-prd-trops.events.ibm.com/node/715709", "name" : "https://www-prd-trops.events.ibm.com/node/715709", "refsource" : "", "tags" : [ "Permissions Required" ] }, { "url" : "https://www-prd-trops.events.ibm.com/node/715709", "name" : "https://www-prd-trops.events.ibm.com/node/715709", "refsource" : "", "tags" : [ "Permissions Required" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 129719." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0.0", "versionEndIncluding" : "6.0.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0.0", "versionEndIncluding" : "6.0.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0.0", "versionEndIncluding" : "6.0.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0.0", "versionEndIncluding" : "6.0.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0.0", "versionEndIncluding" : "6.0.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0.0", "versionEndIncluding" : "6.0.5", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-06T14:29Z", "lastModifiedDate" : "2024-11-21T03:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15090", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-347" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101982", "name" : "101982", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101982", "name" : "101982", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html", "name" : "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html", "name" : "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0.0", "versionEndIncluding" : "4.0.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-23T15:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15091", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-358" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101982", "name" : "101982", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101982", "name" : "101982", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html", "name" : "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html", "name" : "https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger a zone transfer or send a NOTIFY." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0.0", "versionEndIncluding" : "4.0.4", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.0", "versionEndIncluding" : "3.4.11", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "HIGH", "baseScore" : 7.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 4.2 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 5.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-23T15:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15092", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101982", "name" : "101982", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101982", "name" : "101982", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-05.html", "name" : "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-05.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-05.html", "name" : "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-05.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0.0", "versionEndIncluding" : "4.0.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-23T15:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15093", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101982", "name" : "101982", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101982", "name" : "101982", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-06.html", "name" : "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-06.html", "refsource" : "", "tags" : [ "Mitigation", "Patch", "Vendor Advisory" ] }, { "url" : "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-06.html", "name" : "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-06.html", "refsource" : "", "tags" : [ "Mitigation", "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0.0", "versionEndIncluding" : "4.0.6", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*", "versionStartIncluding" : "3.0", "versionEndIncluding" : "3.7.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.6, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-23T15:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15094", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-772" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101982", "name" : "101982", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101982", "name" : "101982", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-07.html", "name" : "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-07.html", "refsource" : "", "tags" : [ "Mitigation", "Patch", "Vendor Advisory" ] }, { "url" : "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-07.html", "name" : "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-07.html", "refsource" : "", "tags" : [ "Mitigation", "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting dnssec to a value other than off or process-no-validate (default)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0.0", "versionEndIncluding" : "4.0.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-23T15:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15095", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-502" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/103880", "name" : "103880", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103880", "name" : "103880", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039769", "name" : "1039769", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039769", "name" : "1039769", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:3189", "name" : "RHSA-2017:3189", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:3189", "name" : "RHSA-2017:3189", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:3190", "name" : "RHSA-2017:3190", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:3190", "name" : "RHSA-2017:3190", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0342", "name" : "RHSA-2018:0342", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0342", "name" : "RHSA-2018:0342", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0478", "name" : "RHSA-2018:0478", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0478", "name" : "RHSA-2018:0478", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0479", "name" : "RHSA-2018:0479", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0479", "name" : "RHSA-2018:0479", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0480", "name" : "RHSA-2018:0480", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0480", "name" : "RHSA-2018:0480", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0481", "name" : "RHSA-2018:0481", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0481", "name" : "RHSA-2018:0481", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0576", "name" : "RHSA-2018:0576", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0576", "name" : "RHSA-2018:0576", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0577", "name" : "RHSA-2018:0577", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0577", "name" : "RHSA-2018:0577", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:1447", "name" : "RHSA-2018:1447", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:1447", "name" : "RHSA-2018:1447", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:1448", "name" : "RHSA-2018:1448", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:1448", "name" : "RHSA-2018:1448", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:1449", "name" : "RHSA-2018:1449", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:1449", "name" : "RHSA-2018:1449", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:1450", "name" : "RHSA-2018:1450", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:1450", "name" : "RHSA-2018:1450", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:1451", "name" : "RHSA-2018:1451", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:1451", "name" : "RHSA-2018:1451", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:2927", "name" : "RHSA-2018:2927", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:2927", "name" : "RHSA-2018:2927", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2019:2858", "name" : "RHSA-2019:2858", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2019:2858", "name" : "RHSA-2019:2858", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2019:3149", "name" : "RHSA-2019:3149", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2019:3149", "name" : "RHSA-2019:3149", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2019:3892", "name" : "RHSA-2019:3892", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2019:3892", "name" : "RHSA-2019:3892", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/FasterXML/jackson-databind/issues/1680", "name" : "https://github.com/FasterXML/jackson-databind/issues/1680", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/FasterXML/jackson-databind/issues/1680", "name" : "https://github.com/FasterXML/jackson-databind/issues/1680", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/FasterXML/jackson-databind/issues/1737", "name" : "https://github.com/FasterXML/jackson-databind/issues/1737", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/FasterXML/jackson-databind/issues/1737", "name" : "https://github.com/FasterXML/jackson-databind/issues/1737", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3E", "name" : "[lucene-solr-user] 20191219 Re: CVE-2017-7525 fix for Solr 7.7.x", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3E", "name" : "[lucene-solr-user] 20191219 Re: CVE-2017-7525 fix for Solr 7.7.x", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html", "name" : "[debian-lts-announce] 20200131 [SECURITY] [DLA 2091-1] libjackson-json-java security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html", "name" : "[debian-lts-announce] 20200131 [SECURITY] [DLA 2091-1] libjackson-json-java security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://security.netapp.com/advisory/ntap-20171214-0003/", "name" : "https://security.netapp.com/advisory/ntap-20171214-0003/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security.netapp.com/advisory/ntap-20171214-0003/", "name" : "https://security.netapp.com/advisory/ntap-20171214-0003/", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2017/dsa-4037", "name" : "DSA-4037", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2017/dsa-4037", "name" : "DSA-4037", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.oracle.com/security-alerts/cpuoct2020.html", "name" : "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.oracle.com/security-alerts/cpuoct2020.html", "name" : "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "name" : "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "name" : "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.8.0", "versionEndExcluding" : "2.8.10", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fasterxml:jackson-databind:2.9.0:-:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.7.0", "versionEndExcluding" : "2.7.9.2", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.0.0", "versionEndExcluding" : "2.6.7.2", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:satellite:6.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:satellite_capsule:6.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:linux:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:identity_manager:11.1.2.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:database_server:18.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:identity_manager:12.2.1.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", "versionStartIncluding" : "17.1", "versionEndIncluding" : "17.12", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "versionEndExcluding" : "8.3", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.3.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:clusterware:12.1.0.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:utilities_advanced_spatial_and_operational_analytics:2.7.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:oracle:global_lifecycle_management_opatchauto:*:*:*:*:*:*:*:*", "versionEndExcluding" : "12.2.0.1.14", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-06T15:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15097", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securitytracker.com/id/1039983", "name" : "1039983", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1039983", "name" : "1039983", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:3402", "name" : "RHSA-2017:3402", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:3402", "name" : "RHSA-2017:3402", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:3403", "name" : "RHSA-2017:3403", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:3403", "name" : "RHSA-2017:3403", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:3404", "name" : "RHSA-2017:3404", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:3404", "name" : "RHSA-2017:3404", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:3405", "name" : "RHSA-2017:3405", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:3405", "name" : "RHSA-2017:3405", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15097", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15097", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15097", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15097", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use these flaws to obtain root access on the server machine." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 6.7, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-27T20:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15101", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2017:3384", "name" : "RHSA-2017:3384", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2017:3384", "name" : "RHSA-2017:3384", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15101", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15101", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15101", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15101", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:liblouis:liblouis:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.5.4", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-27T20:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15105", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102817", "name" : "102817", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102817", "name" : "102817", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00039.html", "name" : "[debian-lts-announce] 20180130 [SECURITY] [DLA 1264-1] unbound security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00039.html", "name" : "[debian-lts-announce] 20180130 [SECURITY] [DLA 1264-1] unbound security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00022.html", "name" : "[debian-lts-announce] 20190214 [SECURITY] [DLA 1676-1] unbound security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00022.html", "name" : "[debian-lts-announce] 20190214 [SECURITY] [DLA 1676-1] unbound security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://unbound.net/downloads/CVE-2017-15105.txt", "name" : "https://unbound.net/downloads/CVE-2017-15105.txt", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://unbound.net/downloads/CVE-2017-15105.txt", "name" : "https://unbound.net/downloads/CVE-2017-15105.txt", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://usn.ubuntu.com/3673-1/", "name" : "USN-3673-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3673-1/", "name" : "USN-3673-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A flaw was found in the way unbound before 1.6.8 validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:nlnetlabs:unbound:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.6.8", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-23T16:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15106", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-08-08T19:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15107", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00027.html", "name" : "openSUSE-SU-2019:2669", "refsource" : "", "tags" : [ ] }, { "url" : "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00027.html", "name" : "openSUSE-SU-2019:2669", "refsource" : "", "tags" : [ ] }, { "url" : "http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html", "name" : "[dnsmasq-discuss] 20180119 DNSSEC security fix.", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html", "name" : "[dnsmasq-discuss] 20180119 DNSSEC security fix.", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/102812", "name" : "102812", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102812", "name" : "102812", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.78", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-23T16:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15108", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61", "name" : "https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61", "name" : "https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html", "name" : "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html", "name" : "[debian-lts-announce] 20210113 [SECURITY] [DLA 2524-1] spice-vdagent security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201804-09", "name" : "GLSA-201804-09", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://security.gentoo.org/glsa/201804-09", "name" : "GLSA-201804-09", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:spice-space:spice-vdagent:*:*:*:*:*:*:*:*", "versionEndIncluding" : "0.17.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-20T00:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15109", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-08-08T19:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15111", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-59" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2019:2137", "name" : "RHSA-2019:2137", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2019:2137", "name" : "RHSA-2019:2137", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/jdennis/keycloak-httpd-client-install/commit/07f26e213196936fb328ea0c1d5a66a09d8b5440", "name" : "https://github.com/jdennis/keycloak-httpd-client-install/commit/07f26e213196936fb328ea0c1d5a66a09d8b5440", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://github.com/jdennis/keycloak-httpd-client-install/commit/07f26e213196936fb328ea0c1d5a66a09d8b5440", "name" : "https://github.com/jdennis/keycloak-httpd-client-install/commit/07f26e213196936fb328ea0c1d5a66a09d8b5440", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "keycloak-httpd-client-install versions before 0.8 insecurely creates temporary file allowing local attackers to overwrite other files via symbolic link." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:keycloak-httpd-client-install_project:keycloak-httpd-client-install:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "HIGH", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 3.6 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-20T00:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15112", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2019:2137", "name" : "RHSA-2019:2137", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2019:2137", "name" : "RHSA-2019:2137", "refsource" : "", "tags" : [ ] }, { "url" : "https://github.com/jdennis/keycloak-httpd-client-install/commit/c3121b271abaaa1a76de2b9ae89dacde0105cd75", "name" : "https://github.com/jdennis/keycloak-httpd-client-install/commit/c3121b271abaaa1a76de2b9ae89dacde0105cd75", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://github.com/jdennis/keycloak-httpd-client-install/commit/c3121b271abaaa1a76de2b9ae89dacde0105cd75", "name" : "https://github.com/jdennis/keycloak-httpd-client-install/commit/c3121b271abaaa1a76de2b9ae89dacde0105cd75", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "keycloak-httpd-client-install versions before 0.8 allow users to insecurely pass password through command line, leaking it via command history and process info to other local users." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:keycloak-httpd-client-install_project:keycloak-httpd-client-install:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.8", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-20T00:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15113", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-532" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/101933", "name" : "101933", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101933", "name" : "101933", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://access.redhat.com/errata/RHEA-2017:3138", "name" : "RHEA-2017:3138", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHEA-2017:3138", "name" : "RHEA-2017:3138", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15113", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15113", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15113", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15113", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://gerrit.ovirt.org/gitweb?p=ovirt-engine.git%3Ba=commitdiff%3Bh=f4a5d0cc772127dbfe40789e26c4633ceea07d14%3Bhp=e6e8704ac9eb115624ff66e2965877d8e63a45f4", "name" : "https://gerrit.ovirt.org/gitweb?p=ovirt-engine.git%3Ba=commitdiff%3Bh=f4a5d0cc772127dbfe40789e26c4633ceea07d14%3Bhp=e6e8704ac9eb115624ff66e2965877d8e63a45f4", "refsource" : "", "tags" : [ ] }, { "url" : "https://gerrit.ovirt.org/gitweb?p=ovirt-engine.git%3Ba=commitdiff%3Bh=f4a5d0cc772127dbfe40789e26c4633ceea07d14%3Bhp=e6e8704ac9eb115624ff66e2965877d8e63a45f4", "name" : "https://gerrit.ovirt.org/gitweb?p=ovirt-engine.git%3Ba=commitdiff%3Bh=f4a5d0cc772127dbfe40789e26c4633ceea07d14%3Bhp=e6e8704ac9eb115624ff66e2965877d8e63a45f4", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "ovirt-engine before version 4.1.7.6 with log level set to DEBUG includes passwords in the log file without masking. Only administrators can change the log level and only administrators can access the logs. This presents a risk when debug-level logs are shared with vendors or other parties to troubleshoot issues." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ovirt:ovirt:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.1.7.6", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:virtualization:4.1:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 6.6, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.7, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-27T16:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15117", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2017-11-27T16:29Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15118", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-787" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2017/11/28/8", "name" : "http://www.openwall.com/lists/oss-security/2017/11/28/8", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2017/11/28/8", "name" : "http://www.openwall.com/lists/oss-security/2017/11/28/8", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/101975", "name" : "101975", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/101975", "name" : "101975", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:1104", "name" : "RHSA-2018:1104", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:1104", "name" : "RHSA-2018:1104", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15118", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15118", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15118", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15118", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html", "name" : "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html", "refsource" : "", "tags" : [ "Exploit", "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html", "name" : "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html", "refsource" : "", "tags" : [ "Exploit", "Patch", "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3575-1/", "name" : "USN-3575-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3575-1/", "name" : "USN-3575-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.exploit-db.com/exploits/43194/", "name" : "43194", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://www.exploit-db.com/exploits/43194/", "name" : "43194", "refsource" : "", "tags" : [ "Exploit", "Third Party Advisory", "VDB Entry" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.11", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 9.8, "baseSeverity" : "CRITICAL" }, "exploitabilityScore" : 3.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 7.5 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-27T21:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15119", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.openwall.com/lists/oss-security/2017/11/28/9", "name" : "http://www.openwall.com/lists/oss-security/2017/11/28/9", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.openwall.com/lists/oss-security/2017/11/28/9", "name" : "http://www.openwall.com/lists/oss-security/2017/11/28/9", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/102011", "name" : "102011", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102011", "name" : "102011", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:1104", "name" : "RHSA-2018:1104", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:1104", "name" : "RHSA-2018:1104", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:1113", "name" : "RHSA-2018:1113", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:1113", "name" : "RHSA-2018:1113", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15119", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15119", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15119", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15119", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html", "name" : "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html", "name" : "https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3575-1/", "name" : "USN-3575-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3575-1/", "name" : "USN-3575-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4213", "name" : "DSA-4213", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4213", "name" : "DSA-4213", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Network Block Device (NBD) server in Quick Emulator (QEMU) before 2.11 is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other requests, resulting in DoS." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.11.0", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 8.6, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 4.0 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-27T16:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15120", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-476" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/oss-sec/2017/q4/382", "name" : "[oss-security] 20171211 PowerDNS Security Advisory 2017-08", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2017/q4/382", "name" : "[oss-security] 20171211 PowerDNS Security Advisory 2017-08", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/106335", "name" : "106335", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/106335", "name" : "106335", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15120", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15120", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15120", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15120", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-08.html", "name" : "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-08.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-08.html", "name" : "https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-08.html", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://www.debian.org/security/2017/dsa-4063", "name" : "DSA-4063", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2017/dsa-4063", "name" : "DSA-4063", "refsource" : "", "tags" : [ "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. An unauthenticated remote attacker could cause a denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.0.8", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-27T15:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15122", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2022-08-08T19:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15123", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-306" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/108690", "name" : "108690", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/108690", "name" : "108690", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15123", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15123", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15123", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15123", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://hacked0x90.wordpress.com/2019/07/17/cve-2017-15123-exploit/", "name" : "https://hacked0x90.wordpress.com/2019/07/17/cve-2017-15123-exploit/", "refsource" : "", "tags" : [ ] }, { "url" : "https://hacked0x90.wordpress.com/2019/07/17/cve-2017-15123-exploit/", "name" : "https://hacked0x90.wordpress.com/2019/07/17/cve-2017-15123-exploit/", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A flaw was found in the CloudForms web interface, versions 5.8 - 5.10, where the RSS feed URLs are not properly restricted to authenticated users only. An attacker could use this flaw to view potentially sensitive information from CloudForms including data such as newly created virtual machines." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:cloudforms_management_engine:*:*:*:*:*:*:*:*", "versionStartIncluding" : "5.8", "versionEndIncluding" : "5.10", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2019-06-12T14:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15124", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102295", "name" : "102295", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/102295", "name" : "102295", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0816", "name" : "RHSA-2018:0816", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0816", "name" : "RHSA-2018:0816", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:1104", "name" : "RHSA-2018:1104", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:1104", "name" : "RHSA-2018:1104", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:1113", "name" : "RHSA-2018:1113", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:1113", "name" : "RHSA-2018:1113", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:3062", "name" : "RHSA-2018:3062", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:3062", "name" : "RHSA-2018:3062", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1525195", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1525195", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1525195", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1525195", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3575-1/", "name" : "USN-3575-1", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3575-1/", "name" : "USN-3575-1", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.debian.org/security/2018/dsa-4213", "name" : "DSA-4213", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.debian.org/security/2018/dsa-4213", "name" : "DSA-4213", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to the server host." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*", "versionEndIncluding" : "2.11.0", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "acInsufInfo" : false, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-09T21:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15125", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/102287", "name" : "102287", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102287", "name" : "102287", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0380", "name" : "RHSA-2018:0380", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0380", "name" : "RHSA-2018:0380", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15125", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15125", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15125", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15125", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A flaw was found in CloudForms before 5.9.0.22 in the self-service UI snapshot feature where the name field is not properly sanitized for HTML and JavaScript input. An attacker could use this flaw to execute a stored XSS attack on an application administrator using CloudForms. Please note that CSP (Content Security Policy) prevents exploitation of this XSS however not all browsers support CSP." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:cloudforms_management_engine:*:*:*:*:*:*:*:*", "versionEndExcluding" : "5.9.0.22", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-07-27T15:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15126", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=384632e67e0829deb8015ee6ad916b180049d252", "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=384632e67e0829deb8015ee6ad916b180049d252", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=384632e67e0829deb8015ee6ad916b180049d252", "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=384632e67e0829deb8015ee6ad916b180049d252", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/102516", "name" : "102516", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102516", "name" : "102516", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0676", "name" : "RHSA-2018:0676", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0676", "name" : "RHSA-2018:0676", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:1062", "name" : "RHSA-2018:1062", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:1062", "name" : "RHSA-2018:1062", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2017-15126", "name" : "https://access.redhat.com/security/cve/CVE-2017-15126", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2017-15126", "name" : "https://access.redhat.com/security/cve/CVE-2017-15126", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1523481", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1523481", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1523481", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1523481", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/torvalds/linux/commit/384632e67e0829deb8015ee6ad916b180049d252", "name" : "https://github.com/torvalds/linux/commit/384632e67e0829deb8015ee6ad916b180049d252", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://github.com/torvalds/linux/commit/384632e67e0829deb8015ee6ad916b180049d252", "name" : "https://github.com/torvalds/linux/commit/384632e67e0829deb8015ee6ad916b180049d252", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.6", "name" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.6", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.6", "name" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.6", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel before 4.13.6. The issue is related to the handling of fork failure when dealing with event messages. Failure to fork correctly can lead to a situation where a fork event will be removed from an already freed list of events with userfaultfd_ctx_put()." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.11", "versionEndExcluding" : "4.13.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-14T06:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15127", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-460" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5af10dfd0afc559bb4b0f7e3e8227a1578333995", "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5af10dfd0afc559bb4b0f7e3e8227a1578333995", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5af10dfd0afc559bb4b0f7e3e8227a1578333995", "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5af10dfd0afc559bb4b0f7e3e8227a1578333995", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/102517", "name" : "102517", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/102517", "name" : "102517", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0676", "name" : "RHSA-2018:0676", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0676", "name" : "RHSA-2018:0676", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:1062", "name" : "RHSA-2018:1062", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:1062", "name" : "RHSA-2018:1062", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2017-15127", "name" : "https://access.redhat.com/security/cve/CVE-2017-15127", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2017-15127", "name" : "https://access.redhat.com/security/cve/CVE-2017-15127", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1525218", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1525218", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1525218", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1525218", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/torvalds/linux/commit/5af10dfd0afc559bb4b0f7e3e8227a1578333995", "name" : "https://github.com/torvalds/linux/commit/5af10dfd0afc559bb4b0f7e3e8227a1578333995", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/torvalds/linux/commit/5af10dfd0afc559bb4b0f7e3e8227a1578333995", "name" : "https://github.com/torvalds/linux/commit/5af10dfd0afc559bb4b0f7e3e8227a1578333995", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndExcluding" : "4.13", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 4.9 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-14T06:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15128", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e3921471354244f70fe268586ff94a97a6dd4df", "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e3921471354244f70fe268586ff94a97a6dd4df", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e3921471354244f70fe268586ff94a97a6dd4df", "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e3921471354244f70fe268586ff94a97a6dd4df", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2017-15128", "name" : "https://access.redhat.com/security/cve/CVE-2017-15128", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2017-15128", "name" : "https://access.redhat.com/security/cve/CVE-2017-15128", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1525222", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1525222", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1525222", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1525222", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/torvalds/linux/commit/1e3921471354244f70fe268586ff94a97a6dd4df", "name" : "https://github.com/torvalds/linux/commit/1e3921471354244f70fe268586ff94a97a6dd4df", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/torvalds/linux/commit/1e3921471354244f70fe268586ff94a97a6dd4df", "name" : "https://github.com/torvalds/linux/commit/1e3921471354244f70fe268586ff94a97a6dd4df", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.12", "name" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.12", "refsource" : "", "tags" : [ "Issue Tracking", "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.12", "name" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.12", "refsource" : "", "tags" : [ "Issue Tracking", "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. A lack of size check could cause a denial of service (BUG)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionEndIncluding" : "4.13.11", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 4.9 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-14T06:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15129", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-362" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21b5944350052d2583e82dd59b19a9ba94a007f0", "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21b5944350052d2583e82dd59b19a9ba94a007f0", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21b5944350052d2583e82dd59b19a9ba94a007f0", "name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21b5944350052d2583e82dd59b19a9ba94a007f0", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "http://seclists.org/oss-sec/2018/q1/7", "name" : "http://seclists.org/oss-sec/2018/q1/7", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2018/q1/7", "name" : "http://seclists.org/oss-sec/2018/q1/7", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/102485", "name" : "102485", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "http://www.securityfocus.com/bid/102485", "name" : "102485", "refsource" : "", "tags" : [ "Broken Link" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0654", "name" : "RHSA-2018:0654", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0654", "name" : "RHSA-2018:0654", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0676", "name" : "RHSA-2018:0676", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0676", "name" : "RHSA-2018:0676", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:1062", "name" : "RHSA-2018:1062", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:1062", "name" : "RHSA-2018:1062", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2019:1946", "name" : "RHSA-2019:1946", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2019:1946", "name" : "RHSA-2019:1946", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2017-15129", "name" : "https://access.redhat.com/security/cve/CVE-2017-15129", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/security/cve/CVE-2017-15129", "name" : "https://access.redhat.com/security/cve/CVE-2017-15129", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1531174", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1531174", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1531174", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1531174", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/torvalds/linux/commit/21b5944350052d2583e82dd59b19a9ba94a007f0", "name" : "https://github.com/torvalds/linux/commit/21b5944350052d2583e82dd59b19a9ba94a007f0", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://github.com/torvalds/linux/commit/21b5944350052d2583e82dd59b19a9ba94a007f0", "name" : "https://github.com/torvalds/linux/commit/21b5944350052d2583e82dd59b19a9ba94a007f0", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://marc.info/?l=linux-netdev&m=151370451121029&w=2", "name" : "https://marc.info/?l=linux-netdev&m=151370451121029&w=2", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://marc.info/?l=linux-netdev&m=151370451121029&w=2", "name" : "https://marc.info/?l=linux-netdev&m=151370451121029&w=2", "refsource" : "", "tags" : [ "Mailing List", "Patch", "Third Party Advisory" ] }, { "url" : "https://marc.info/?t=151370468900001&r=1&w=2", "name" : "https://marc.info/?t=151370468900001&r=1&w=2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://marc.info/?t=151370468900001&r=1&w=2", "name" : "https://marc.info/?t=151370468900001&r=1&w=2", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3617-1/", "name" : "USN-3617-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3617-1/", "name" : "USN-3617-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3617-2/", "name" : "USN-3617-2", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3617-2/", "name" : "USN-3617-2", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3617-3/", "name" : "USN-3617-3", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3617-3/", "name" : "USN-3617-3", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3619-1/", "name" : "USN-3619-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3619-1/", "name" : "USN-3619-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3619-2/", "name" : "USN-3619-2", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3619-2/", "name" : "USN-3619-2", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3632-1/", "name" : "USN-3632-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3632-1/", "name" : "USN-3632-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11", "name" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11", "refsource" : "", "tags" : [ "Release Notes" ] }, { "url" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11", "name" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11", "refsource" : "", "tags" : [ "Release Notes" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:4.15:rc4:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:4.15:rc1:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:4.15:rc2:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:4.15:rc3:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0", "versionEndExcluding" : "4.14.11", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:fedoraproject:fedora:27:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_for_real_time:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 4.7, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.0, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 4.9 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-09T19:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15130", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://seclists.org/oss-sec/2018/q1/205", "name" : "[oss-security] 20180301 Dovecot Security Advisory: CVE-2017-15130 TLS SNI config lookups are inefficient and can be used for DoS", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "http://seclists.org/oss-sec/2018/q1/205", "name" : "[oss-security] 20180301 Dovecot Security Advisory: CVE-2017-15130 TLS SNI config lookups are inefficient and can be used for DoS", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1532356", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1532356", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1532356", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1532356", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html", "name" : "[debian-lts-announce] 20180331 [SECURITY] [DLA 1333-1] dovecot security update", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html", "name" : "[debian-lts-announce] 20180331 [SECURITY] [DLA 1333-1] dovecot security update", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3587-1/", "name" : "USN-3587-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3587-1/", "name" : "USN-3587-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3587-2/", "name" : "USN-3587-2", "refsource" : "", "tags" : [ ] }, { "url" : "https://usn.ubuntu.com/3587-2/", "name" : "USN-3587-2", "refsource" : "", "tags" : [ ] }, { "url" : "https://www.debian.org/security/2018/dsa-4130", "name" : "DSA-4130", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4130", "name" : "DSA-4130", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.dovecot.org/list/dovecot-news/2018-February/000370.html", "name" : "[dovecot-news] 20180228 v2.2.34 released", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] }, { "url" : "https://www.dovecot.org/list/dovecot-news/2018-February/000370.html", "name" : "[dovecot-news] 20180228 v2.2.34 released", "refsource" : "", "tags" : [ "Release Notes", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*", "versionEndExcluding" : "2.2.34", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.9, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.2, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-02T15:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15131", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2018:0842", "name" : "RHSA-2018:0842", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0842", "name" : "RHSA-2018:0842", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1412762", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1412762", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1412762", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1412762", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", "name" : "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E", "name" : "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar", "refsource" : "", "tags" : [ ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:freedesktop:xdg-user-dirs:*:*:*:*:*:*:*:*", "versionEndExcluding" : "0.15.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:P/I:P/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 4.6 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-09T21:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15132", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-772" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1532768", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1532768", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1532768", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1532768", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060.patch", "name" : "https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060.patch", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060.patch", "name" : "https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060.patch", "refsource" : "", "tags" : [ "Patch", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html", "name" : "[debian-lts-announce] 20180331 [SECURITY] [DLA 1333-1] dovecot security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00036.html", "name" : "[debian-lts-announce] 20180331 [SECURITY] [DLA 1333-1] dovecot security update", "refsource" : "", "tags" : [ "Mailing List", "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3556-1/", "name" : "USN-3556-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3556-1/", "name" : "USN-3556-1", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3556-2/", "name" : "USN-3556-2", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://usn.ubuntu.com/3556-2/", "name" : "USN-3556-2", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4130", "name" : "DSA-4130", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.debian.org/security/2018/dsa-4130", "name" : "DSA-4130", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://www.dovecot.org/list/dovecot-news/2018-February/000370.html", "name" : "[dovecot-news] 20180228 v2.2.34 released", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://www.dovecot.org/list/dovecot-news/2018-February/000370.html", "name" : "[dovecot-news] 20180228 v2.2.34 released", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dovecot:dovecot:*:*:*:*:*:*:*:*", "versionStartIncluding" : "2.0.0", "versionEndIncluding" : "2.2.33", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:dovecot:dovecot:2.3.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-25T20:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15133", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1538763", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1538763", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1538763", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1538763", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/miekg/dns/issues/627", "name" : "https://github.com/miekg/dns/issues/627", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] }, { "url" : "https://github.com/miekg/dns/issues/627", "name" : "https://github.com/miekg/dns/issues/627", "refsource" : "", "tags" : [ "Issue Tracking", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A denial of service flaw was found in miekg-dns before 1.0.4. A remote attacker could use carefully timed TCP packets to block the DNS server from accepting new connections." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:miekg-dns_prject:miekg-dns:*:*:*:*:*:*:*:*", "versionEndExcluding" : "1.0.4", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-29T19:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15134", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html", "name" : "openSUSE-SU-2019:1397", "refsource" : "", "tags" : [ ] }, { "url" : "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html", "name" : "openSUSE-SU-2019:1397", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/102790", "name" : "102790", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102790", "name" : "102790", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0163", "name" : "RHSA-2018:0163", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0163", "name" : "RHSA-2018:0163", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1531573", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1531573", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1531573", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1531573", "refsource" : "", "tags" : [ "Issue Tracking", "Patch" ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html", "name" : "[debian-lts-announce] 20180715 [SECURITY] [DLA 1428-1] 389-ds-base security update", "refsource" : "", "tags" : [ ] }, { "url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html", "name" : "[debian-lts-announce] 20180715 [SECURITY] [DLA 1428-1] 389-ds-base security update", "refsource" : "", "tags" : [ ] }, { "url" : "https://pagure.io/389-ds-base/c/6aa2acdc3cad9", "name" : "https://pagure.io/389-ds-base/c/6aa2acdc3cad9", "refsource" : "", "tags" : [ "Patch" ] }, { "url" : "https://pagure.io/389-ds-base/c/6aa2acdc3cad9", "name" : "https://pagure.io/389-ds-base/c/6aa2acdc3cad9", "refsource" : "", "tags" : [ "Patch" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x before 1.3.6.13, 1.3.7.x before 1.3.7.9, 1.4.x before 1.4.0.5 handled certain LDAP search filters. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.4.0.0", "versionEndExcluding" : "1.4.0.5", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.3.7.1", "versionEndExcluding" : "1.3.7.9", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.3.6.1", "versionEndExcluding" : "1.3.6.13", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:redhat:enterprise_linux_server:7.4:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-01T22:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15135", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html", "name" : "openSUSE-SU-2019:1397", "refsource" : "", "tags" : [ ] }, { "url" : "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00033.html", "name" : "openSUSE-SU-2019:1397", "refsource" : "", "tags" : [ ] }, { "url" : "http://www.securityfocus.com/bid/102811", "name" : "102811", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102811", "name" : "102811", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0414", "name" : "RHSA-2018:0414", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0414", "name" : "RHSA-2018:0414", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0515", "name" : "RHSA-2018:0515", "refsource" : "", "tags" : [ ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:0515", "name" : "RHSA-2018:0515", "refsource" : "", "tags" : [ ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1525628", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1525628", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1525628", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1525628", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "It was found that 389-ds-base since 1.3.6.1 up to and including 1.4.0.3 did not always handle internal hash comparison operations correctly during the authentication process. A remote, unauthenticated attacker could potentially use this flaw to bypass the authentication process under very rare and specific circumstances." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:fedoraproject:389_directory_server:*:*:*:*:*:*:*:*", "versionStartIncluding" : "1.3.6.1", "versionEndIncluding" : "1.4.0.3", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.1, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.2, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-24T15:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15136", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.securityfocus.com/bid/103210", "name" : "103210", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103210", "name" : "103210", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1540343", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1540343", "refsource" : "", "tags" : [ "Issue Tracking" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1540343", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1540343", "refsource" : "", "tags" : [ "Issue Tracking" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "When registering and activating a new system with Red Hat Satellite 6 if the new systems hostname is then reset to the hostname of a previously registered system the previously registered system will lose access to updates including security updates." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "LOW", "baseScore" : 2.7, "baseSeverity" : "LOW" }, "exploitabilityScore" : 1.2, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-27T21:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15137", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHBA-2018:0489", "name" : "RHBA-2018:0489", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHBA-2018:0489", "name" : "RHBA-2018:0489", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15137", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15137", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15137", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15137", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The OpenShift image import whitelist failed to enforce restrictions correctly when running commands such as \"oc tag\", for example. This could allow a user with access to OpenShift to run images from registries that should not be allowed." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-07-16T20:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15138", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHBA-2018:0489", "name" : "RHBA-2018:0489", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHBA-2018:0489", "name" : "RHBA-2018:0489", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15138", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15138", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15138", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15138", "refsource" : "", "tags" : [ "Issue Tracking", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.1, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-13T17:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15139", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "https://access.redhat.com/errata/RHSA-2018:3601", "name" : "RHSA-2018:3601", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2018:3601", "name" : "RHSA-2018:3601", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2019:0917", "name" : "RHSA-2019:0917", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://access.redhat.com/errata/RHSA-2019:0917", "name" : "RHSA-2019:0917", "refsource" : "", "tags" : [ "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139", "name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15139", "refsource" : "", "tags" : [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url" : "https://wiki.openstack.org/wiki/OSSN/OSSN-0084", "name" : "https://wiki.openstack.org/wiki/OSSN/OSSN-0084", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory" ] }, { "url" : "https://wiki.openstack.org/wiki/OSSN/OSSN-0084", "name" : "https://wiki.openstack.org/wiki/OSSN/OSSN-0084", "refsource" : "", "tags" : [ "Mitigation", "Third Party Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "A vulnerability was found in openstack-cinder releases up to and including Queens, allowing newly created volumes in certain storage volume configurations to contain previous data. It specifically affects ScaleIO volumes using thin volumes and zero padding. This could lead to leakage of sensitive information between tenants." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:openstack:cinder:*:*:*:*:*:*:*:*", "versionEndIncluding" : "12.0.4-7", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:openstack:10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.1", "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "acInsufInfo" : true, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-08-27T17:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15140", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15141", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15142", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15143", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15144", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15145", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15146", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15147", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15148", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15149", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1515", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012789", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012789", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012789", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012789", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/102872", "name" : "102872", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102872", "name" : "102872", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129825", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129825", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129825", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129825", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Doors Web Access 9.5 and 9.6 could allow an authenticated user to obtain sensitive information from HTTP internal server error responses. IBM X-Force ID: 129825." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.5.2.0", "versionEndIncluding" : "9.5.2.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.5.1.0", "versionEndIncluding" : "9.5.1.8", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.5.0.0", "versionEndIncluding" : "9.5.0.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.6.1.0", "versionEndIncluding" : "9.6.1.9", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.6.0.0", "versionEndIncluding" : "9.6.0.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-01-26T21:29Z", "lastModifiedDate" : "2025-02-05T18:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15150", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15151", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15152", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15153", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15154", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15155", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15156", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15157", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15158", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15159", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1516", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012789", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012789", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012789", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012789", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/102867", "name" : "102867", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102867", "name" : "102867", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129826", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129826", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129826", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129826", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Doors Web Access 9.5 and 9.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 129826." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.5.2.0", "versionEndIncluding" : "9.5.2.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.5.1.0", "versionEndIncluding" : "9.5.1.8", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.5.0.0", "versionEndIncluding" : "9.5.0.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.6.1.0", "versionEndIncluding" : "9.6.1.9", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.6.0.0", "versionEndIncluding" : "9.6.0.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-26T21:29Z", "lastModifiedDate" : "2025-02-05T18:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15160", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15161", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15162", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15163", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15164", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15165", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15166", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15167", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15168", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15169", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15170", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15171", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15172", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15173", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15174", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15175", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15176", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15177", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15178", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15179", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15180", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15181", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15182", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15183", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15184", "ASSIGNER" : "secalert@redhat.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ ] } ] }, "references" : { "reference_data" : [ ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none" } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ ] }, "impact" : { }, "publishedDate" : "2020-11-05T23:15Z", "lastModifiedDate" : "2023-11-07T02:39Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1524", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22014815", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22014815", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22014815", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22014815", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/103477", "name" : "103477", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/103477", "name" : "103477", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129970", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129970", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129970", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/129970", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request that could be used to aid future attacks. IBM X-Force ID: 129970." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_collaborative_lifecycle_management:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0.0", "versionEndIncluding" : "6.0.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0.0", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_quality_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0", "versionEndIncluding" : "6.0.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0.0", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_team_concert:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0.0", "versionEndIncluding" : "6.0.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_doors_next_generation:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0.1", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_doors_next_generation:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0.0", "versionEndIncluding" : "6.0.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0.3", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_engineering_lifecycle_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0.0", "versionEndIncluding" : "6.0.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_rhapsody_design_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "6.0.0", "versionEndIncluding" : "6.0.5", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:5.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:6.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:rational_software_architect_design_manager:*:*:*:*:*:*:*:*", "versionStartIncluding" : "4.0.0", "versionEndIncluding" : "4.0.7", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-23T19:29Z", "lastModifiedDate" : "2024-11-21T03:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15314", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-772" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-xml-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-xml-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-xml-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-xml-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Huawei DP300 V500R002C00, RP200 V500R002C00SPC200, V600R006C00, TE30 V100R001C10SPC300, V100R001C10SPC500, V100R001C10SPC600, V100R001C10SPC700, V500R002C00SPC200, V500R002C00SPC500, V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, TE40 V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPC900, V500R002C00SPCb00, V600R006C00, TE50 V500R002C00SPC600, V500R002C00SPC700, V500R002C00SPCb00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have a memory leak vulnerability due to memory don't be released when the XML parser process some node fail. An attacker could exploit it to cause memory leak, which may further lead to system exceptions." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:rp200_firmware:v500r002c00spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:rp200_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:rp200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v100r001c10spc300:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v100r001c10spc500:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v100r001c10spc600:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v100r001c10spc700:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v500r002c00spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v500r002c00spc500:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v500r002c00spc600:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v500r002c00spc700:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v500r002c00spc900:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v500r002c00spcb00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te30:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te40_firmware:v500r002c00spc600:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te40_firmware:v500r002c00spc700:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te40_firmware:v500r002c00spc900:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te40_firmware:v500r002c00spcb00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te40_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te40:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te50_firmware:v500r002c00spc600:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te50_firmware:v500r002c00spc700:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te50_firmware:v500r002c00spcb00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te50_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te50:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te60:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 2.1 }, "severity" : "LOW", "exploitabilityScore" : 3.9, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-09T21:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15315", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-772" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-command-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-command-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-command-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-command-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Patch module of Huawei NIP6300 V500R001C20SPC100, V500R001C20SPC200, NIP6600 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6300 V500R001C20SPC100, V500R001C20SPC200, Secospace USG6500 V500R001C20SPC100, V500R001C20SPC200 has a memory leak vulnerability. An authenticated attacker could execute special commands many times, the memory leaking happened, which would cause the device to reset finally." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c20spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c20spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:nip6300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c20spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c20spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:nip6600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 6.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 6.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-09T21:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1532", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012789", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012789", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012789", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012789", "refsource" : "", "tags" : [ "Patch", "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/102888", "name" : "102888", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102888", "name" : "102888", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/130411", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/130411", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/130411", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/130411", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM DOORS 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130411." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.5.2.0", "versionEndIncluding" : "9.5.2.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.5.1.0", "versionEndIncluding" : "9.5.1.8", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.5.0.0", "versionEndIncluding" : "9.5.0.7", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.6.1.0", "versionEndIncluding" : "9.6.1.9", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:engineering_requirements_management_doors:*:*:*:*:*:*:*:*", "versionStartIncluding" : "9.6.0.0", "versionEndIncluding" : "9.6.0.6", "cpe_name" : [ ] } ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 5.4, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.3, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:S/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "SINGLE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 3.5 }, "severity" : "LOW", "exploitabilityScore" : 6.8, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-26T21:29Z", "lastModifiedDate" : "2025-02-05T18:38Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15323", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-pse-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-pse-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-pse-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-pse-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Huawei DP300 V500R002C00, NIP6600 V500R001C00, V500R001C20, V500R001C30, Secospace USG6500 V500R001C00, V500R001C20, V500R001C30, TE60 V100R001C01, V100R001C10, V100R003C00, V500R002C00, V600R006C00, TP3106 V100R001C06, V100R002C00, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eCNS210_TD V100R004C10, eSpace U1981 V200R003C30 have a DoS vulnerability caused by memory exhaustion in some Huawei products. For lacking of adequate input validation, attackers can craft and send some malformed messages to the target device to exhaust the memory of the device and cause a Denial of Service (DoS)." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:nip6600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v100r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v100r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te60:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:tp3106_firmware:v100r001c06:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:tp3106_firmware:v100r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:tp3106:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:vp9660_firmware:v200r001c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:vp9660_firmware:v200r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:vp9660_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:vp9660_firmware:v500r002c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:vp9660:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:viewpoint_8660_firmware:v100r008c03:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:viewpoint_8660:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c03:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:viewpoint_9030:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ecns210_td_firmware:v100r004c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ecns210_td:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:espace_u1981_firmware:v200r003c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:espace_u1981:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 4.9 }, "severity" : "MEDIUM", "exploitabilityScore" : 3.9, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-03-09T21:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15325", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180321-01-smartphone-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180321-01-smartphone-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180321-01-smartphone-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180321-01-smartphone-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Bdat driver of Prague smart phones with software versions earlier than Prague-AL00AC00B211, versions earlier than Prague-AL00BC00B211, versions earlier than Prague-AL00CC00B211, versions earlier than Prague-TL00AC01B211, versions earlier than Prague-TL10AC01B211 has integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP and execute it as a specific privilege; the APP can then send a specific parameter to the driver of the smart phone, causing arbitrary code execution." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:prague-al00a_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "prague-al00ac00b211", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:prague-al00a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:prague-al00b_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "prague-al00bc00b211", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:prague-al00b:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:prague-al00c_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "prague-al00cc00b211", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:prague-al00c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:prague-tl00a_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "prague-tl00ac01b211", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:prague-tl00a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:prague-tl10a_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding" : "prague-tl10ac01b211", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:prague-tl10a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 7.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 1.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:C/I:C/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 9.3 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-03-23T16:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15326", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-327" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180321-01-encryption-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption algorithm security vulnerability. DBS3900 TDD LTE supports SSL/TLS protocol negotiation using insecure encryption algorithms. If an insecure encryption algorithm is negotiated in the communication, an unauthenticated remote attacker can exploit this vulnerability to crack the encrypted data and cause information leakage." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:dbs3900_tdd_lte_firmware:v100r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:dbs3900_tdd_lte_firmware:v100r004c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:dbs3900_tdd_lte:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-03-23T16:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15327", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-200" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180328-01-authentication-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180328-01-authentication-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180328-01-authentication-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180328-01-authentication-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "S12700 V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R007C20, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S7700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R008C06, V200R009C00, V200R010C00, S9700 V200R001C00, V200R001C01, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R006C01, V200R007C00, V200R007C01, V200R008C00, V200R009C00, V200R010C00 have an improper authorization vulnerability on Huawei switch products. The system incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by authenticated user. Successful exploit could cause information disclosure." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s12700_firmware:v200r005c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s12700_firmware:v200r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s12700_firmware:v200r006c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s12700_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s12700_firmware:v200r007c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s12700_firmware:v200r007c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s12700_firmware:v200r008c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s12700_firmware:v200r008c06:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s12700_firmware:v200r009c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s12700_firmware:v200r010c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:s12700:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r005c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r006c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r007c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r008c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r008c06:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r009c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r010c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:s7700:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9700_firmware:v200r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9700_firmware:v200r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9700_firmware:v200r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9700_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9700_firmware:v200r005c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9700_firmware:v200r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9700_firmware:v200r006c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9700_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9700_firmware:v200r007c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9700_firmware:v200r008c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9700_firmware:v200r009c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9700_firmware:v200r010c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:s9700:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-04-11T17:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15329", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-89" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171116-01-uma-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171116-01-uma-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171116-01-uma-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171116-01-uma-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Huawei UMA V200R001C00 has a SQL injection vulnerability in the operation and maintenance module. An attacker logs in to the system as a common user and sends crafted HTTP requests that contain malicious SQL statements to the affected system. Due to a lack of input validation on HTTP requests that contain user-supplied input, successful exploitation may allow the attacker to execute arbitrary SQL queries." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:uma_firmware:v200r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:uma:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "LOW", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 8.8, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 2.8, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:S/C:P/I:P/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "PARTIAL", "baseScore" : 6.5 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.0, "impactScore" : 6.4, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T16:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1533", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-79" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012327", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012327", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22012327", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22012327", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/102496", "name" : "102496", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102496", "name" : "102496", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040168", "name" : "1040168", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040168", "name" : "1040168", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/130675", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/130675", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/130675", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/130675", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Security Access Manager Appliance 9.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130675." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_9.0_firmware:*:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-10T17:29Z", "lastModifiedDate" : "2024-11-21T03:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15330", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-415" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-smartphone-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-smartphone-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-smartphone-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-smartphone-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Flp Driver in some Huawei smartphones of the software Vicky-AL00AC00B124D, Vicky-AL00AC00B157D, Vicky-AL00AC00B167 has a double free vulnerability. An attacker can trick a user to install a malicious application which has a high privilege to exploit this vulnerability. Successful exploitation may cause denial of service (DoS) attack." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:vicky-al00a_firmware:vicky-al00ac00b124d:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:vicky-al00a_firmware:vicky-al00ac00b157d:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:vicky-al00a_firmware:vicky-al00ac00b167:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:vicky-al00a:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.1 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-15T16:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15331", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-h323-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-h323-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-h323-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-h323-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, MAX PRESENCE V100R001C00, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00SPC200, V600R006C00, RSE6500 V500R002C00, SMC2.0 V100R003C10, V100R005C00, V500R002C00, V500R002C00T, V600R006C00, V600R006C00T, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, ViewPoint 9030 V100R011C02, V100R011C03, have an out-of-bounds read vulnerability in H323 protocol. An unauthenticated, remote attacker may send crafted packets to the affected products. Due to insufficient verification of the packets, successful exploit will cause process reboot." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar120-s_firmware:v200r006c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar120-s_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar120-s_firmware:v200r008c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar120-s_firmware:v200r008c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ar120-s:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar1200_firmware:v200r006c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar1200_firmware:v200r006c13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar1200_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar1200_firmware:v200r007c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar1200_firmware:v200r007c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar1200_firmware:v200r008c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar1200_firmware:v200r008c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ar1200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar1200-s_firmware:v200r006c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar1200-s_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar1200-s_firmware:v200r008c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar1200-s_firmware:v200r008c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ar1200-s:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar150_firmware:v200r006c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar150_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar150_firmware:v200r007c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar150_firmware:v200r007c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar150_firmware:v200r008c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar150_firmware:v200r008c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ar150:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar150-s_firmware:v200r006c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar150-s_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar150-s_firmware:v200r008c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar150-s_firmware:v200r008c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ar150-s:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar160_firmware:v200r006c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar160_firmware:v200r006c12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar160_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar160_firmware:v200r007c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar160_firmware:v200r007c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar160_firmware:v200r008c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar160_firmware:v200r008c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ar160:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar200_firmware:v200r006c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar200_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar200_firmware:v200r007c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar200_firmware:v200r008c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar200_firmware:v200r008c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ar200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar200-s_firmware:v200r006c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar200-s_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar200-s_firmware:v200r008c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar200-s_firmware:v200r008c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ar200-s:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar2200_firmware:v200r006c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar2200_firmware:v200r006c13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar2200_firmware:v200r006c16pwe:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar2200_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar2200_firmware:v200r007c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar2200_firmware:v200r007c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar2200_firmware:v200r008c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar2200_firmware:v200r008c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ar2200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar2200-s_firmware:v200r006c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar2200-s_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar2200-s_firmware:v200r008c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar2200-s_firmware:v200r008c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ar2200-s:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar3200_firmware:v200r006c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar3200_firmware:v200r006c11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar3200_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar3200_firmware:v200r007c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar3200_firmware:v200r007c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar3200_firmware:v200r008c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar3200_firmware:v200r008c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar3200_firmware:v200r008c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar3200_firmware:v200r008c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ar3200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar510_firmware:v200r006c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar510_firmware:v200r006c12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar510_firmware:v200r006c13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar510_firmware:v200r006c15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar510_firmware:v200r006c16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar510_firmware:v200r006c17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar510_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar510_firmware:v200r008c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar510_firmware:v200r008c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ar510:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:netengine16ex_firmware:v200r006c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:netengine16ex_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:netengine16ex_firmware:v200r008c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:netengine16ex_firmware:v200r008c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:netengine16ex:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg1300_firmware:v200r006c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg1300_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg1300_firmware:v200r007c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg1300_firmware:v200r008c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg1300_firmware:v200r008c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:srg1300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg2300_firmware:v200r006c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg2300_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg2300_firmware:v200r007c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg2300_firmware:v200r008c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg2300_firmware:v200r008c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:srg2300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg3300_firmware:v200r006c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg3300_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg3300_firmware:v200r008c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg3300_firmware:v200r008c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:srg3300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v100r001c10spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ips_module:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:max_presence_firmware:v100r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:max_presence:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v100r001c10spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ngfw_module:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:nip6300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:nip6600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6800_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:nip6800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:rp200_firmware:v500r002c00spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:rp200_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:rp200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:rse6500_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:rse6500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:smc2.0_firmware:v100r003c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:smc2.0_firmware:v100r005c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:smc2.0_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:smc2.0_firmware:v500r002c00t:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:smc2.0_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:smc2.0_firmware:v600r006c00t:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:smc2.0:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5600_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5600_firmware:v200r003c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:svn5600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5800_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5800_firmware:v200r003c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:svn5800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5800-c_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5800-c_firmware:v200r003c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:svn5800-c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te30:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te40_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te40_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te40:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te50_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te50_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te50:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v100r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te60:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:tp3106_firmware:v100r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:tp3106:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:tp3206_firmware:v100r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:tp3206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9500_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9500_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9500_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9500_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9520_firmware:v300r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9520_firmware:v300r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:usg9520:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9560_firmware:v300r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9560_firmware:v300r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:usg9560:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9580_firmware:v300r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9580_firmware:v300r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:usg9580:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c03:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:viewpoint_9030:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "LOW", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T16:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15332", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-772" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-h323-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-h323-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-h323-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-h323-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, MAX PRESENCE V100R001C00, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RP200 V500R002C00SPC200, V600R006C00, RSE6500 V500R002C00, SMC2.0 V100R003C10, V100R005C00, V500R002C00, V500R002C00T, V600R006C00, V600R006C00T, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, ViewPoint 9030 V100R011C02, V100R011C03, have a memory leak vulnerability in H323 protocol. The vulnerability is due to insufficient verification of the packets. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted packets. A successful exploit could cause a memory leak and eventual denial of service (DoS) condition on an affected device." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar120-s_firmware:v200r006c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar120-s_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar120-s_firmware:v200r008c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar120-s_firmware:v200r008c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ar120-s:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar1200_firmware:v200r006c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar1200_firmware:v200r006c13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar1200_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar1200_firmware:v200r007c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar1200_firmware:v200r007c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar1200_firmware:v200r008c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar1200_firmware:v200r008c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ar1200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar1200-s_firmware:v200r006c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar1200-s_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar1200-s_firmware:v200r008c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar1200-s_firmware:v200r008c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ar1200-s:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar150_firmware:v200r006c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar150_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar150_firmware:v200r007c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar150_firmware:v200r007c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar150_firmware:v200r008c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar150_firmware:v200r008c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ar150:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar150-s_firmware:v200r006c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar150-s_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar150-s_firmware:v200r008c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar150-s_firmware:v200r008c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ar150-s:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar160_firmware:v200r006c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar160_firmware:v200r006c12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar160_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar160_firmware:v200r007c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar160_firmware:v200r007c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar160_firmware:v200r008c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar160_firmware:v200r008c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ar160:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar200_firmware:v200r006c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar200_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar200_firmware:v200r007c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar200_firmware:v200r008c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar200_firmware:v200r008c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ar200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar200-s_firmware:v200r006c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar200-s_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar200-s_firmware:v200r008c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar200-s_firmware:v200r008c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ar200-s:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar2200_firmware:v200r006c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar2200_firmware:v200r006c13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar2200_firmware:v200r006c16pwe:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar2200_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar2200_firmware:v200r007c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar2200_firmware:v200r007c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar2200_firmware:v200r008c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar2200_firmware:v200r008c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ar2200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar2200-s_firmware:v200r006c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar2200-s_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar2200-s_firmware:v200r008c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar2200-s_firmware:v200r008c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ar2200-s:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar3200_firmware:v200r006c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar3200_firmware:v200r006c11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar3200_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar3200_firmware:v200r007c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar3200_firmware:v200r007c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar3200_firmware:v200r008c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar3200_firmware:v200r008c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar3200_firmware:v200r008c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar3200_firmware:v200r008c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ar3200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar510_firmware:v200r006c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar510_firmware:v200r006c12:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar510_firmware:v200r006c13:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar510_firmware:v200r006c15:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar510_firmware:v200r006c16:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar510_firmware:v200r006c17:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar510_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar510_firmware:v200r008c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar510_firmware:v200r008c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ar510:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:netengine16ex_firmware:v200r006c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:netengine16ex_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:netengine16ex_firmware:v200r008c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:netengine16ex_firmware:v200r008c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:netengine16ex:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg1300_firmware:v200r006c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg1300_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg1300_firmware:v200r007c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg1300_firmware:v200r008c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg1300_firmware:v200r008c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:srg1300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg2300_firmware:v200r006c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg2300_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg2300_firmware:v200r007c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg2300_firmware:v200r008c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg2300_firmware:v200r008c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:srg2300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg3300_firmware:v200r006c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg3300_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg3300_firmware:v200r008c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:srg3300_firmware:v200r008c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:srg3300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v100r001c10spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ips_module:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:max_presence_firmware:v100r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:max_presence:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v100r001c10spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ngfw_module:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:nip6300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:nip6600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6800_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:nip6800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:rp200_firmware:v500r002c00spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:rp200_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:rp200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:rse6500_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:rse6500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:smc2.0_firmware:v100r003c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:smc2.0_firmware:v100r005c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:smc2.0_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:smc2.0_firmware:v500r002c00t:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:smc2.0_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:smc2.0_firmware:v600r006c00t:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:smc2.0:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5600_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5600_firmware:v200r003c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:svn5600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5800_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5800_firmware:v200r003c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:svn5800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5800-c_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5800-c_firmware:v200r003c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:svn5800-c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te30:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te40_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te40_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te40:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te50_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te50_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te50:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v100r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te60:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:tp3106_firmware:v100r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:tp3106:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:tp3206_firmware:v100r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:tp3206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9500_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9500_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9500_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9500_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9520_firmware:v300r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9520_firmware:v300r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:usg9520:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9560_firmware:v300r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9560_firmware:v300r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:usg9560:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9580_firmware:v300r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9580_firmware:v300r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:usg9580:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c03:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:viewpoint_9030:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "LOW", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T16:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15333", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-xml-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-xml-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-xml-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-xml-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "XML parser in Huawei S12700 V200R005C00,S1700 V200R009C00, V200R010C00,S3700 V100R006C03, V100R006C05,S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S6700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C02, V200R008C00, V200R009C00, V200R010C00,S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,eCNS210_TD V100R004C10, V100R004C10SPC003, V100R004C10SPC100, V100R004C10SPC101, V100R004C10SPC102, V100R004C10SPC200, V100R004C10SPC221, V100R004C10SPC400 has a DOS vulnerability. An attacker may craft specific XML files to the affected products. Due to not check the specially XML file and to parse this file, successful exploit will result in DOS attacks." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s12700_firmware:v200r005c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:s12700:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s1700_firmware:v200r009c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s1700_firmware:v200r010c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:s1700:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s5700_firmware:v200r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s5700_firmware:v200r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s5700_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s5700_firmware:v200r003c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s5700_firmware:v200r005c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s5700_firmware:v200r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s5700_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s5700_firmware:v200r008c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s5700_firmware:v200r009c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s5700_firmware:v200r010c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:s5700:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r005c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r005c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r008c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r009c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r010c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:s6700:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r005c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r005c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r008c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r009c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r010c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:s6700:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r005c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r008c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r009c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r010c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:s7700:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9700_firmware:v200r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9700_firmware:v200r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9700_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9700_firmware:v200r005c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9700_firmware:v200r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9700_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9700_firmware:v200r008c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9700_firmware:v200r009c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9700_firmware:v200r010c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:s9700:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ecns210_td_firmware:v100r004c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ecns210_td_firmware:v100r004c10spc003:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ecns210_td_firmware:v100r004c10spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ecns210_td_firmware:v100r004c10spc101:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ecns210_td_firmware:v100r004c10spc102:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ecns210_td_firmware:v100r004c10spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ecns210_td_firmware:v100r004c10spc221:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ecns210_td_firmware:v100r004c10spc400:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ecns210_td:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 4.7, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.0, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-15T16:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15334", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-sip-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-sip-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-sip-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-sip-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The SIP backup feature in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, USG9500 V500R001C00, V500R001C20, V500R001C30, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V100R001C20, V200R003C00, V200R003C20, V200R003C30 has a buffer overflow vulnerability. An attacker may send specially crafted messages to the affected products. Due to the insufficient validation of some values for SIP messages, successful exploit may cause services abnormal." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ips_module:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ngfw_module:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:nip6300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:nip6600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6800_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:nip6800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:rp200_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:rp200_firmware:v600r006c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:rp200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5600_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5600_firmware:v200r003c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:svn5600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5800_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5800_firmware:v200r003c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:svn5800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5800-c_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5800-c_firmware:v200r003c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:svn5800-c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:semg9811_firmware:v300r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:semg9811:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v100r001c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te30:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te40_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te40_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te40:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te50_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te50_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te50:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v100r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te60:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9500_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9500_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9500_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9520_firmware:v300r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9520_firmware:v300r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:usg9520:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9560_firmware:v300r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9560_firmware:v300r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:usg9560:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9580_firmware:v300r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9580_firmware:v300r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:usg9580:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:vp9660_firmware:v200r001c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:vp9660_firmware:v200r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:vp9660_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:vp9660_firmware:v500r002c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:vp9660:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:viewpoint_8660_firmware:v100r008c03:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:viewpoint_8660:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c03:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:viewpoint_9030:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:espace_u1981_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:espace_u1981_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:espace_u1981_firmware:v200r003c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:espace_u1981_firmware:v200r003c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:espace_u1981:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "LOW", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T16:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15335", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-sip-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-sip-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-sip-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-sip-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The SIP backup feature in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, USG9500 V500R001C00, V500R001C20, V500R001C30, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V100R001C20, V200R003C00, V200R003C20, V200R003C30 has a buffer overflow vulnerability. An attacker may send specially crafted messages to the affected products. Due to the insufficient validation of some values for SIP messages, successful exploit may cause services abnormal." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ips_module:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ngfw_module:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:nip6300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:nip6600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6800_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:nip6800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:rp200_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:rp200_firmware:v600r006c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:rp200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5600_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5600_firmware:v200r003c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:svn5600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5800_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5800_firmware:v200r003c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:svn5800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5800-c_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5800-c_firmware:v200r003c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:svn5800-c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:semg9811_firmware:v300r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:semg9811:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v100r001c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te30:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te40_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te40_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te40:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te50_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te50_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te50:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v100r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te60:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9500_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9500_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9500_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9520_firmware:v300r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9520_firmware:v300r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:usg9520:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9560_firmware:v300r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9560_firmware:v300r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:usg9560:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9580_firmware:v300r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9580_firmware:v300r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:usg9580:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:vp9660_firmware:v200r001c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:vp9660_firmware:v200r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:vp9660_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:vp9660_firmware:v500r002c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:vp9660:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:viewpoint_8660_firmware:v100r008c03:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:viewpoint_8660:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c03:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:viewpoint_9030:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:espace_u1981_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:espace_u1981_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:espace_u1981_firmware:v200r003c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:espace_u1981_firmware:v200r003c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:espace_u1981:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "LOW", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T16:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15336", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-sip-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-sip-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-sip-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-sip-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The SIP backup feature in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, USG9500 V500R001C00, V500R001C20, V500R001C30, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V100R001C20, V200R003C00, V200R003C20, V200R003C30 has a buffer overflow vulnerability. An attacker may send specially crafted messages to the affected products. Due to the insufficient validation of some values for SIP messages, successful exploit may cause services abnormal." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ips_module:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ngfw_module:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:nip6300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:nip6600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6800_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:nip6800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:rp200_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:rp200_firmware:v600r006c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:rp200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5600_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5600_firmware:v200r003c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:svn5600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5800_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5800_firmware:v200r003c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:svn5800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5800-c_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5800-c_firmware:v200r003c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:svn5800-c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:semg9811_firmware:v300r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:semg9811:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v100r001c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te30:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te40_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te40_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te40:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te50_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te50_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te50:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v100r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te60:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9500_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9500_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9500_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9520_firmware:v300r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9520_firmware:v300r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:usg9520:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9560_firmware:v300r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9560_firmware:v300r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:usg9560:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9580_firmware:v300r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9580_firmware:v300r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:usg9580:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:vp9660_firmware:v200r001c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:vp9660_firmware:v200r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:vp9660_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:vp9660_firmware:v500r002c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:vp9660:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:viewpoint_8660_firmware:v100r008c03:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:viewpoint_8660:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c03:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:viewpoint_9030:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:espace_u1981_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:espace_u1981_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:espace_u1981_firmware:v200r003c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:espace_u1981_firmware:v200r003c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:espace_u1981:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "LOW", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T16:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15337", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-sip-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-sip-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-sip-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-sip-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, USG9500 V500R001C00, V500R001C20, V500R001C30, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V100R001C20, V200R003C00, V200R003C20, V200R003C30 has a buffer overflow vulnerability. An attacker would have to find a way to craft specific messages to the affected products. Due to the insufficient validation for SIP messages, successful exploit may cause services abnormal." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ips_module:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ngfw_module:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:nip6300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:nip6600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6800_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:nip6800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:rp200_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:rp200_firmware:v600r006c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:rp200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5600_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5600_firmware:v200r003c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:svn5600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5800_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5800_firmware:v200r003c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:svn5800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5800-c_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5800-c_firmware:v200r003c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:svn5800-c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:semg9811_firmware:v300r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:semg9811:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v100r001c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te30:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te40_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te40_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te40:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te50_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te50_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te50:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v100r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te60:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9500_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9500_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9500_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9520_firmware:v300r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9520_firmware:v300r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:usg9520:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9560_firmware:v300r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9560_firmware:v300r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:usg9560:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9580_firmware:v300r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9580_firmware:v300r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:usg9580:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:vp9660_firmware:v200r001c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:vp9660_firmware:v200r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:vp9660_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:vp9660_firmware:v500r002c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:vp9660:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:viewpoint_8660_firmware:v100r008c03:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:viewpoint_8660:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c03:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:viewpoint_9030:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:espace_u1981_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:espace_u1981_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:espace_u1981_firmware:v200r003c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:espace_u1981_firmware:v200r003c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:espace_u1981:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "LOW", "baseScore" : 3.7, "baseSeverity" : "LOW" }, "exploitabilityScore" : 2.2, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T16:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15338", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-sip-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-sip-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-sip-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-sip-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, USG9500 V500R001C00, V500R001C20, V500R001C30, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V100R001C20, V200R003C00, V200R003C20, V200R003C30 has a buffer overflow vulnerability. An attacker would have to find a way to craft specific messages to the affected products. Due to the insufficient validation for SIP messages, successful exploit may cause services abnormal." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ips_module:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ngfw_module:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:nip6300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:nip6600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6800_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:nip6800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:rp200_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:rp200_firmware:v600r006c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:rp200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5600_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5600_firmware:v200r003c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:svn5600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5800_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5800_firmware:v200r003c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:svn5800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5800-c_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5800-c_firmware:v200r003c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:svn5800-c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:semg9811_firmware:v300r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:semg9811:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v100r001c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te30:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te40_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te40_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te40:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te50_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te50_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te50:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v100r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te60:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9500_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9500_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9500_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9520_firmware:v300r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9520_firmware:v300r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:usg9520:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9560_firmware:v300r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9560_firmware:v300r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:usg9560:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9580_firmware:v300r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9580_firmware:v300r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:usg9580:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:vp9660_firmware:v200r001c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:vp9660_firmware:v200r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:vp9660_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:vp9660_firmware:v500r002c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:vp9660:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:viewpoint_8660_firmware:v100r008c03:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:viewpoint_8660:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c03:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:viewpoint_9030:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:espace_u1981_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:espace_u1981_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:espace_u1981_firmware:v200r003c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:espace_u1981_firmware:v200r003c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:espace_u1981:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "LOW", "baseScore" : 3.7, "baseSeverity" : "LOW" }, "exploitabilityScore" : 2.2, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T16:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15339", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-sip-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-sip-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-sip-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-sip-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, USG9500 V500R001C00, V500R001C20, V500R001C30, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V200R001C02, V200R001C30, V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02, V100R011C03, eSpace U1981 V100R001C20, V200R003C00, V200R003C20, V200R003C30 has a buffer overflow vulnerability. An attacker would have to find a way to craft specific messages to the affected products. Due to the insufficient validation for SIP messages, successful exploit may cause services abnormal." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ips_module:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v500r002c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ngfw_module:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:nip6300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:nip6600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6800_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:nip6800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:rp200_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:rp200_firmware:v600r006c0:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:rp200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5600_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5600_firmware:v200r003c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:svn5600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5800_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5800_firmware:v200r003c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:svn5800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5800-c_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5800-c_firmware:v200r003c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:svn5800-c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:semg9811_firmware:v300r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:semg9811:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v100r001c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te30:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te40_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te40_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te40:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te50_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te50_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te50:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v100r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te60:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9500_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9500_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9500_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9520_firmware:v300r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9520_firmware:v300r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:usg9520:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9560_firmware:v300r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9560_firmware:v300r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:usg9560:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9580_firmware:v300r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9580_firmware:v300r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:usg9580:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:vp9660_firmware:v200r001c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:vp9660_firmware:v200r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:vp9660_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:vp9660_firmware:v500r002c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:vp9660:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:viewpoint_8660_firmware:v100r008c03:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:viewpoint_8660:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c03:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:viewpoint_9030:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:espace_u1981_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:espace_u1981_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:espace_u1981_firmware:v200r003c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:espace_u1981_firmware:v200r003c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:espace_u1981:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "LOW", "baseScore" : 3.7, "baseSeverity" : "LOW" }, "exploitabilityScore" : 2.2, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T16:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-1534", "ASSIGNER" : "psirt@us.ibm.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-601" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22008936", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22008936", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.ibm.com/support/docview.wss?uid=swg22008936", "name" : "http://www.ibm.com/support/docview.wss?uid=swg22008936", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.securityfocus.com/bid/102509", "name" : "102509", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securityfocus.com/bid/102509", "name" : "102509", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040169", "name" : "1040169", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "http://www.securitytracker.com/id/1040169", "name" : "1040169", "refsource" : "", "tags" : [ "Third Party Advisory", "VDB Entry" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/130676", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/130676", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] }, { "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/130676", "name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/130676", "refsource" : "", "tags" : [ "VDB Entry", "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 130676." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_for_web_firmware:8.0.1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ibm:security_access_manager_for_web_appliance:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.0.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.2:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.3:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.4:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.5:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:a:ibm:security_access_manager_for_mobile:8.0.1.6:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ibm:security_access_manager_for_mobile_appliance:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.0.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.1.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.2.0:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.2.1:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:ibm:security_access_manager_firmware:9.0.3:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:ibm:security_access_manager_appliance:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "CHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "LOW", "availabilityImpact" : "NONE", "baseScore" : 6.1, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 2.8, "impactScore" : 2.7 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "PARTIAL", "availabilityImpact" : "NONE", "baseScore" : 5.8 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-01-10T17:29Z", "lastModifiedDate" : "2024-11-21T03:22Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15340", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "NVD-CWE-noinfo" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-05-smartphone-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-05-smartphone-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-05-smartphone-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171213-05-smartphone-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Huawei smartphones with software of TAG-AL00C92B168 have an information disclosure vulnerability. An attacker tricks the user to install a crafted application, this application simulate click action to back up data in a non-encrypted way using an Android assist function. Successful exploit could result in information disclosure." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:tag-al00_firmware:tag-al00c92b168:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:tag-al00:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:P/I:N/A:N", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "NONE", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-15T16:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15341", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-295" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-cert-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-cert-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-cert-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-cert-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Huawei AR3200 V200R008C20, V200R008C30, TE40 V600R006C00, TE50 V600R006C00, TE60 V600R006C00 have a denial of service vulnerability. The software decodes X.509 certificate in an improper way. A remote unauthenticated attacker could send a crafted X.509 certificate to the device. Successful exploit could result in a denial of service on the device." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar3200_firmware:v200r008c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar3200_firmware:v200r008c30:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ar3200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te40_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te40:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te50_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te50:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te60:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T16:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15342", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-ssl-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-ssl-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-ssl-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-ssl-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Huawei DP300 V500R002C00, TE60 V600R006C00, TP3106 V100R002C00, eSpace U1981 V200R003C30SPC100 have a denial of service vulnerability. The software does not correctly calculate the rest size in a buffer when handling SSL connections. A remote unauthenticated attacker could send a lot of crafted SSL messages to the device, successful exploit could cause no space in the buffer and then denial of service." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te60:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:tp3106_firmware:v100r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:tp3106:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:espace_u1981_firmware:v200r003c30spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:espace_u1981:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T16:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15343", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-sctp-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-sctp-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-sctp-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-sctp-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30 has an integer overflow vulnerability. The software does not sufficiently validate certain field in SCTP messages, a remote unauthenticated attacker could send a crafted SCTP message to the device. Successful exploit could system reboot." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar120-s_firmware:v200r006c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar120-s_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar120-s_firmware:v200r008c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar120-s_firmware:v200r008c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar1200_firmware:v200r007c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar1200_firmware:v200r007c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar3200_firmware:v200r006c11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar3200_firmware:v200r008c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar3200_firmware:v200r008c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ar3200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T16:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15344", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-190" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-02-sctp-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-02-sctp-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-02-sctp-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-02-sctp-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30 has an integer overflow vulnerability. The software does not sufficiently validate certain field in SCTP messages, a remote unauthenticated attacker could send a crafted SCTP message to the device. Successful exploit could cause system reboot." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar120-s_firmware:v200r006c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar120-s_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar120-s_firmware:v200r008c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar120-s_firmware:v200r008c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar1200_firmware:v200r007c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar1200_firmware:v200r007c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar3200_firmware:v200r006c11:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar3200_firmware:v200r008c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ar3200_firmware:v200r008c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ar3200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T16:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15345", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-400" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-01-smartphone-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-01-smartphone-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-01-smartphone-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-01-smartphone-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Huawei Smartphones with software LON-L29DC721B186 have a denial of service vulnerability. An attacker could make an loop exit condition that cannot be reached by sending the crafted 3GPP message. Successful exploit could cause the device to reboot." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:lon-l29d_firmware:lon-l29dc721b186:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:lon-l29d:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.6, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:A/AC:M/Au:N/C:N/I:N/A:C", "accessVector" : "ADJACENT_NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 5.7 }, "severity" : "MEDIUM", "exploitabilityScore" : 5.5, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T16:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15346", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-xml-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-xml-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-xml-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-xml-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "XML parser in Huawei S12700 V200R005C00,S1700 V200R009C00, V200R010C00,S3700 V100R006C03, V100R006C05,S5700 V200R001C00, V200R002C00, V200R003C00, V200R003C02, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S6700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R005C02, V200R008C00, V200R009C00, V200R010C00,S7700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,S9700 V200R001C00, V200R002C00, V200R003C00, V200R005C00, V200R006C00, V200R007C00, V200R008C00, V200R009C00, V200R010C00,eCNS210_TD V100R004C10, V100R004C10SPC003, V100R004C10SPC100, V100R004C10SPC101, V100R004C10SPC102, V100R004C10SPC200, V100R004C10SPC221, V100R004C10SPC400 has a DOS vulnerability. An attacker may craft specific XML files to the affected products. Due to not check the specially XML file and to parse this file, successful exploit will result in DOS attacks." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s12700_firmware:v200r005c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:s12700:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s1700_firmware:v200r009c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s1700_firmware:v200r010c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:s1700:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s5700_firmware:v200r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s5700_firmware:v200r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s5700_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s5700_firmware:v200r003c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s5700_firmware:v200r005c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s5700_firmware:v200r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s5700_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s5700_firmware:v200r008c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s5700_firmware:v200r009c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s5700_firmware:v200r010c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:s5700:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r005c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r005c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r008c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r009c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r010c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:s6700:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r005c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r005c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r008c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r009c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s6700_firmware:v200r010c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:s6700:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r005c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r008c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r009c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s7700_firmware:v200r010c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:s7700:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9700_firmware:v200r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9700_firmware:v200r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9700_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9700_firmware:v200r005c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9700_firmware:v200r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9700_firmware:v200r007c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9700_firmware:v200r008c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9700_firmware:v200r009c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:s9700_firmware:v200r010c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:s9700:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ecns210_td_firmware:v100r004c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ecns210_td_firmware:v100r004c10spc003:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ecns210_td_firmware:v100r004c10spc100:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ecns210_td_firmware:v100r004c10spc101:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ecns210_td_firmware:v100r004c10spc102:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ecns210_td_firmware:v100r004c10spc200:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ecns210_td_firmware:v100r004c10spc221:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ecns210_td_firmware:v100r004c10spc400:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ecns210_td:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 4.7, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.0, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-15T16:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15347", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-416" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-phone-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-phone-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-phone-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-phone-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Huawei Mate 9 Pro mobile phones with software of versions earlier than LON-AL00BC00B235 have a use after free (UAF) vulnerability. An attacker tricks a user into installing a malicious application, and the application can riggers access memory after free it. A local attacker may exploit this vulnerability to cause the mobile phone to crash." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:mate_9_pro_firmware:lon-al00bc00b235:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:mate_9_pro:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "attackVector" : "LOCAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "REQUIRED", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 5.5, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 1.8, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.1 }, "severity" : "HIGH", "exploitabilityScore" : 8.6, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : true } }, "publishedDate" : "2018-02-15T16:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15348", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-20" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-routers-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-routers-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-routers-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-routers-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Huawei IPS Module V500R001C00, NGFW Module V500R001C00, NIP6300 V500R001C00, NIP6600 V500R001C00, Secospace USG6300 V500R001C00, Secospace USG6500 V500R001C00, Secospace USG6600 V500R001C00, USG9500 V500R001C00 have an insufficient input validation vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ips_module:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ngfw_module:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:nip6300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:nip6600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9500_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.8 }, "severity" : "HIGH", "exploitabilityScore" : 10.0, "impactScore" : 6.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T16:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15349", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-772" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-router-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-router-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-router-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171201-01-router-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Huawei CloudEngine 12800 V100R003C00, V100R005C00, V100R005C10, V100R006C00,CloudEngine 5800 V100R003C00, V100R005C00, V100R005C10, V100R006C00,CloudEngine 6800 V100R003C00, V100R005C00, V100R005C10, V100R006C00,CloudEngine 7800 V100R003C00, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Resource ReServation Protocol (RSVP) packets to the affected products. Due to not release the memory to handle the packets, successful exploit will result in memory leak of the affected products and lead to a DoS condition." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_12800_firmware:v100r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_12800_firmware:v100r005c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_12800_firmware:v100r005c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_12800_firmware:v100r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:cloudengine_12800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_5800_firmware:v100r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_5800_firmware:v100r005c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_5800_firmware:v100r005c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_5800_firmware:v100r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:cloudengine_5800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_6800_firmware:v100r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_6800_firmware:v100r005c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_6800_firmware:v100r005c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_6800_firmware:v100r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:cloudengine_6800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_7800_firmware:v100r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_7800_firmware:v100r005c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_7800_firmware:v100r005c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:cloudengine_7800_firmware:v100r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:cloudengine_7800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "HIGH", "baseScore" : 7.5, "baseSeverity" : "HIGH" }, "exploitabilityScore" : 3.9, "impactScore" : 3.6 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T16:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15350", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-buffer-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-buffer-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-buffer-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-buffer-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The Common Open Policy Service Protocol (COPS) module in Huawei DP300 V500R002C00, IPS Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, RP200 V500R002C00, V600R006C00, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10,SVN5800-C V200R003C00, V200R003C10, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3206 V100R002C00, V100R002C10,USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50 haa a buffer overflow vulnerability. An unauthenticated, remote attacker could exploit this vulnerability by sending specially crafted message to the affected products. The vulnerability is due to insufficient input validation of the message, which could result in a buffer overflow. Successful exploit may cause some services abnormal." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ips_module_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ips_module:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:ngfw_module_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:ngfw_module:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6300_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:nip6300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6600_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:nip6600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:nip6800_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:nip6800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5800-c_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5800-c_firmware:v200r003c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:svn5800-c:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:rp200_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:rp200_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:rp200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5600_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5600_firmware:v200r003c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:svn5600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5800_firmware:v200r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:svn5800_firmware:v200r003c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:svn5800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v100r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v100r001c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te30:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te40_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te40_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te40:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te50_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te50_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te50:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v100r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te60:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:tp3206_firmware:v100r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:tp3206_firmware:v100r002c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:tp3206:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9500_firmware:v500r001c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9500_firmware:v500r001c20:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9500_firmware:v500r001c30:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:usg9500_firmware:v500r001c50:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:usg9500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "LOW", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T16:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15351", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-smartphone-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-smartphone-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-smartphone-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-smartphone-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "The 'Find Phone' function in Huawei Honor V9 play smart phones with versions earlier than Jimmy-AL00AC00B135 has an authentication bypass vulnerability. Due to improper authentication realization in the 'Find Phone' function. An attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:honor_v9_play_firmware:jimmy-al00ac00b135:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:honor_v9_play:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector" : "PHYSICAL", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "HIGH", "integrityImpact" : "HIGH", "availabilityImpact" : "HIGH", "baseScore" : 6.8, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 0.9, "impactScore" : 5.9 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector" : "LOCAL", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "COMPLETE", "integrityImpact" : "COMPLETE", "availabilityImpact" : "COMPLETE", "baseScore" : 7.2 }, "severity" : "HIGH", "exploitabilityScore" : 3.9, "impactScore" : 10.0, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T16:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15352", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-732" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-oceanstor-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-oceanstor-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-oceanstor-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171122-01-oceanstor-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Huawei OceanStor 2800 V3, V300R003C00, V300R003C20, OceanStor 5300 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5500 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5600 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5800 V3, V300R003C00, V300R003C10, V300R003C20 have an improper access control vulnerability. Due to incorrectly restrict access to a resource, an attacker with high privilege may exploit the vulnerability to query some information or send specific message to cause some service abnormal." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:oceanstor_2800_firmware:v300r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:oceanstor_2800_firmware:v300r003c20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:oceanstor_2800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:oceanstor_5300_firmware:v300r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:oceanstor_5300_firmware:v300r003c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:oceanstor_5300_firmware:v300r003c20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:oceanstor_5300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:oceanstor_5500_firmware:v300r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:oceanstor_5500_firmware:v300r003c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:oceanstor_5500_firmware:v300r003c20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:oceanstor_5500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:oceanstor_5600_firmware:v300r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:oceanstor_5600_firmware:v300r003c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:oceanstor_5600_firmware:v300r003c20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:oceanstor_5600:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:oceanstor_5800_firmware:v300r003c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:oceanstor_5800_firmware:v300r003c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:oceanstor_5800_firmware:v300r003c20:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:oceanstor_5800:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L", "attackVector" : "ADJACENT_NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "HIGH", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "LOW", "integrityImpact" : "NONE", "availabilityImpact" : "LOW", "baseScore" : 3.1, "baseSeverity" : "LOW" }, "exploitabilityScore" : 0.5, "impactScore" : 2.5 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:A/AC:H/Au:S/C:P/I:N/A:P", "accessVector" : "ADJACENT_NETWORK", "accessComplexity" : "HIGH", "authentication" : "SINGLE", "confidentialityImpact" : "PARTIAL", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 2.9 }, "severity" : "LOW", "exploitabilityScore" : 2.5, "impactScore" : 4.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T16:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15353", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-125" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171115-01-h323-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171115-01-h323-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171115-01-h323-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171115-01-h323-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Huawei DP300, V500R002C00, RP200, V500R002C00, V600R006C00, RSE6500, V500R002C00, TE30, V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00, V600R006C00, TE60, V100R001C01, V100R001C10, V500R002C00, V600R006C00, TX50, V500R002C00, V600R006C00, VP9660, V500R002C00, V500R002C10, ViewPoint 8660, V100R008C03, ViewPoint 9030, V100R011C02, V100R011C03, Viewpoint 8660, V100R008C03 have an out-of-bounds read vulnerability. An attacker has to control the peer device and send specially crafted messages to the affected products. Due to insufficient input validation, successful exploit may cause some service abnormal." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:rp200_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:rp200_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:rp200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:rse6500_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:rse6500:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v100r001c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te30:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te40_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te40_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te40:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te50_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te50_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te50:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v100r001c01:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te60:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:tx50_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:tx50_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:tx50:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:viewpoint_8660_firmware:v100r008c03:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:viewpoint_8660:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:vp9660_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:vp9660_firmware:v500r002c10:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:vp9660:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c02:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:viewpoint_9030_firmware:v100r011c03:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:viewpoint_9030:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector" : "NETWORK", "attackComplexity" : "HIGH", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "LOW", "baseScore" : 3.7, "baseSeverity" : "LOW" }, "exploitabilityScore" : 2.2, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "MEDIUM", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 4.3 }, "severity" : "MEDIUM", "exploitabilityScore" : 8.6, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T16:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15354", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-02-http-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-02-http-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-02-http-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-02-http-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500R002C00,V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00,V600R006C00, TE60, V100R001C10, V500R002C00, V600R006C00, TX50,V500R002C00, V600R006C00 have a buffer overflow vulnerability. An attacker may send specially crafted HTTP messages to the affected products. Due insufficient input validation of three different parameters in the messages, successful exploit may cause some service abnormal." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:rp200_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:rp200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te30:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te40_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te40_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te40:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te50_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te50_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te50:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te60:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:tx50_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:tx50_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:tx50:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "LOW", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T16:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15355", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-02-http-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-02-http-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-02-http-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-02-http-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] } ] }, "description" : { "description_data" : [ { "lang" : "en", "value" : "Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500R002C00,V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00,V600R006C00, TE60, V100R001C10, V500R002C00, V600R006C00, TX50,V500R002C00, V600R006C00 have a buffer overflow vulnerability. An attacker may send specially crafted HTTP messages to the affected products. Due insufficient input validation of three different parameters in the messages, successful exploit may cause some service abnormal." } ] } }, "configurations" : { "CVE_data_version" : "4.0", "nodes" : [ { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:dp300_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:dp300:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:rp200_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:rp200:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te30_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te30:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te40_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te40_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te40:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te50_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te50_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te50:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v100r001c10:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:te60_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:te60:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] }, { "operator" : "AND", "children" : [ { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:tx50_firmware:v500r002c00:*:*:*:*:*:*:*", "cpe_name" : [ ] }, { "vulnerable" : true, "cpe23Uri" : "cpe:2.3:o:huawei:tx50_firmware:v600r006c00:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] }, { "operator" : "OR", "children" : [ ], "cpe_match" : [ { "vulnerable" : false, "cpe23Uri" : "cpe:2.3:h:huawei:tx50:-:*:*:*:*:*:*:*", "cpe_name" : [ ] } ] } ], "cpe_match" : [ ] } ] }, "impact" : { "baseMetricV3" : { "cvssV3" : { "version" : "3.0", "vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector" : "NETWORK", "attackComplexity" : "LOW", "privilegesRequired" : "NONE", "userInteraction" : "NONE", "scope" : "UNCHANGED", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "LOW", "baseScore" : 5.3, "baseSeverity" : "MEDIUM" }, "exploitabilityScore" : 3.9, "impactScore" : 1.4 }, "baseMetricV2" : { "cvssV2" : { "version" : "2.0", "vectorString" : "AV:N/AC:L/Au:N/C:N/I:N/A:P", "accessVector" : "NETWORK", "accessComplexity" : "LOW", "authentication" : "NONE", "confidentialityImpact" : "NONE", "integrityImpact" : "NONE", "availabilityImpact" : "PARTIAL", "baseScore" : 5.0 }, "severity" : "MEDIUM", "exploitabilityScore" : 10.0, "impactScore" : 2.9, "obtainAllPrivilege" : false, "obtainUserPrivilege" : false, "obtainOtherPrivilege" : false, "userInteractionRequired" : false } }, "publishedDate" : "2018-02-15T16:29Z", "lastModifiedDate" : "2024-11-21T03:14Z" }, { "cve" : { "data_type" : "CVE", "data_format" : "MITRE", "data_version" : "4.0", "CVE_data_meta" : { "ID" : "CVE-2017-15356", "ASSIGNER" : "psirt@huawei.com" }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "en", "value" : "CWE-119" } ] } ] }, "references" : { "reference_data" : [ { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-02-http-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-02-http-en", "refsource" : "", "tags" : [ "Vendor Advisory" ] }, { "url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-02-http-en", "name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-2017110