Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMB05329785ED4441E67419C72F4E8D5EFB095312F0129B7DAC17DB1F2F0780EEC
HistoryJul 20, 2018 - 6:56 p.m.

Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private

2018-07-2018:56:04
www.ibm.com
17

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON

Summary

IBM Cloud Private is vulnerable to multiple security vulnerabilities

Vulnerability Details

CVEID: CVE-2018-5146 DESCRIPTION: libvorbis, as used in Mozilla Firefox, could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds memory write. By persuading a victim to open a specially-crafted media file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the browser to crash.
CVSS Base Score: 8.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140404&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-15422 DESCRIPTION: Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in ICU. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base Score: 6.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136054&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVEID: CVE-2017-15412 DESCRIPTION: Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in libXML. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.
CVSS Base Score: 6.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136046&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVEID: CVE-2017-7526 DESCRIPTION: Libgcrypt could allow a remote attacker to obtain sensitive information, caused by a cache side-channel attack when using left-to-right sliding window method by the RSA-1024 implementation. By running arbitrary software where the private key is used, an attacker could exploit this vulnerability to obtain the RSA private key.
CVSS Base Score: 6.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/128271&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N)

CVEID: CVE-2018-1000122 DESCRIPTION: curl could allow a remote attacker to obtain sensitive information, caused by a buffer over-read in the RTSP+RTP handling code. An attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service.
CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140316&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)

CVEID: CVE-2018-0739 DESCRIPTION: OpenSSL is vulnerable to a denial of service. By sending specially crafted ASN.1 data with a recursive definition, a remote attacker could exploit this vulnerability to consume excessive stack memory.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140847&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2018-0733 DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions, caused by the failure to properly compare byte values by the PA-RISC CRYPTO_memcmp() function used on HP-UX PA-RISC targets. An attacker could exploit this vulnerability to forge messages, some of which may be authenticated.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/140849&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID: CVE-2017-17512 DESCRIPTION: sensible-utils package for Debian could allow a remote attacker to execute arbitrary commands on the system, caused by the failure to validate strings before launching the program specified by the BROWSER environment variable in sensible-browser. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/136182&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-17426 DESCRIPTION: GNU C Library (aka glibc or libc6) is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the per-thread cache (aka tcache) feature. By allocating an object whose size is close to SIZE_MAX, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135985&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-16612 DESCRIPTION: X.Org libXcursor is vulnerable to a heap-based buffer overflow, caused by various integer overflows. By sending specially-crafted cursors with programs like GIMP, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135813&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2017-16546 DESCRIPTION: ImageMagick is vulnerable to a denial of service, caused by improper validation of the colormap index in a WPG palette in the ReadWPGImage function in coders/wpg.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134498&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-1000117 DESCRIPTION: Git could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by improper handling of the “ssh” URLs. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base Score: 8.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/130244&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-1000116 DESCRIPTION: Mercurial could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of hostnames passed to ssh. By sending a specially-crafted request, an attacker could exploit this vulnerability to inject and execute arbitrary commands on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/133105&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-0379 DESCRIPTION: Libgcrypt could allow a local attacker to obtain sensitive information, caused by a flaw in the cipher/ecc.c and mpi/ec.c. By using Curve25519 side-channel attacks, an attacker could exploit this vulnerability to discover a secret key.
CVSS Base Score: 2.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/131281&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2017-15908 DESCRIPTION: systemd is vulnerable to a denial of service, caused by an error in the dns_packet_read_type_window function. By sending a specially-crafted DNS NSEC resource record data, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134141&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2016-2774 DESCRIPTION: ISC DHCP is vulnerable to a denial of service, caused by the failure to limit the number of open TCP connections to the ports for inter-process communications and control. By opening a large number of TCP connections, a remote attacker from within the local network could exploit this vulnerability to become unresponsive or consume all available sockets.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/111319&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2017-16544 DESCRIPTION: BusyBox could allow a remote attacker to execute arbitrary code on the system, caused by the improper sanitization of filename in the add_match function in libbb/lineedit.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135207&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-15650 DESCRIPTION: musl libc is vulnerable to a stack-based buffer overflow, caused by the failure to restrict the number of addresses in the dns_parse_callback function in network/lookup_name.c. By sending specially-crafted DNS replies, a remote attacker could exploit this vulnerability to provide an unexpected number of addresses.
CVSS Base Score: 7.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/133862&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2017-12883 DESCRIPTION: PERL is vulnerable to a denial of service, caused by a buffer overflow in the regular expression parser. By using vectors involving the use of RExC_parse in the vFAIL macro, a remote attacker could exploit this vulnerability to cause the application to crash or leak data from memory.
CVSS Base Score: 9.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/132298&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H)

CVEID: CVE-2017-10285 DESCRIPTION: An unspecified vulnerability in Oracle Java SE related to the Java SE, Java SE Embedded RMI component could allow an unauthenticated attacker to take control of the system.
CVSS Base Score: 9.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/133723&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)

CVEID: CVE-2017-9800 DESCRIPTION: Apache Subversion could allow a remote attacker to execute arbitrary commands on the system, caused by the connection to URLs provided by the repository. By committing to a honest server, an attacker could exploit this vulnerability using a specially crafted svn+ssh:// URL to execute arbitrary shell commands on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/130360&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-14867 DESCRIPTION: Git could allow a remote attacker to execute arbitrary commands on the system, caused by the use of unsafe Perl scripts to support subcommands. By using specially-crafted shell metacharacters in a module name, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/132826&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-5563 DESCRIPTION: LibTIFF is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the tif_lzw.c. By persuading a victim to open a specially-crafted bmp image file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 8.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/121605&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-8816 DESCRIPTION: cURL libcurl is vulnerable to a buffer overflow, caused by an integer overflow flaw in the NTLM authentication feature. By using vectors involving long user and password fields, a remote attacker could overflow a buffer and execute arbitrary code and cause the application to crash.
CVSS Base Score: 9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135657&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-6891 DESCRIPTION: GnuTLS libtasn1 is vulnerable to a stack-based buffer overflow, caused by 2 errors in the asn1_find_node function in lib/parser_aux.c. By persuading a victim to open a specially-crafted assignments file, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/127214&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)

CVEID: CVE-2017-14176 DESCRIPTION: Bazaar could allow a remote attacker to execute arbitrary commands on the system, caused by a flaw when Subprocess SSH is used. By sending a bzr+ssh URL with an initial dash character in the hostname, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/135732&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2017-13089 DESCRIPTION: GNU wget is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the skip_short_body() function in src/http.c. By sending a specially-crafted HTTP data, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 9.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134200&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM Cloud Private 2.1.0

Remediation/Fixes

For the 2.1.0.x releases: upgrade to version 2.1.0.3 Fix Pack 1 or later

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm cloud privateeq2.1.0

Related

ibm 5
hackerone 1
nessus 36
openvas 30
prion 12
ubuntucve 12
debian 8
freebsd 2
archlinux 6
redhatcve 9
cve 12
debiancve 11
osv 15
fedora 7
symantec 1
amazon 1
github 1
veracode 7
myhack58 1
tenable 2
gentoo 2
cbl_mariner 1
cloudfoundry 3
ubuntu 6
alpinelinux 4
f5 1
mageia 1
slackware 1
seebug 1
ibm
ibm
Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private (CVE-2018-0739,CVE-2017-17512, CVE-2018-1000122)
2018-10-01 14:20:02
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Spectrum Protect (formerly Tivoli Storage Manager) Client and IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware
2018-09-24 08:40:01
Security Bulletin: Multiple Vulnerabilities in OpenSSL affect IBM i
2019-12-18 14:26:38
hackerone
hackerone
Internet Bug Bounty: RCE via ssh:// URIs in multiple VCS
2017-08-14 20:53:18
nessus
nessus
FreeBSD : Mercurial -- multiple vulnerabilities (1d33cdee-7f6b-11e7-a9b5-3debb10a6871)
2017-08-14 00:00:00
Debian DLA-1072-1 : mercurial security update
2017-09-01 00:00:00
EulerOS 2.0 SP5 : bzr (EulerOS-SA-2021-1180)
2021-02-04 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-1072-1)
2018-02-06 00:00:00
Huawei EulerOS: Security Advisory for bzr (EulerOS-SA-2021-1180)
2021-02-05 00:00:00
Huawei EulerOS: Security Advisory for bzr (EulerOS-SA-2021-1283)
2021-02-22 00:00:00
prion
prion
Design/Logic Flaw
2017-11-27 10:29:00
Sql injection
2017-08-20 20:29:00
Design/Logic Flaw
2017-12-07 18:29:00
ubuntucve
ubuntucve
CVE-2017-14176
2017-09-05 00:00:00
CVE-2017-12976
2017-08-20 00:00:00
CVE-2017-17459
2017-12-07 00:00:00
debian
debian
[SECURITY] [DLA 1072-1] mercurial security update
2017-08-31 11:57:25
[SECURITY] [DLA 1144-1] git-annex security update
2017-10-27 15:29:08
[SECURITY] [DLA 1495-1] git-annex security update
2018-09-05 19:28:50
freebsd
freebsd
Mercurial -- multiple vulnerabilities
2017-08-10 00:00:00
libXcursor -- integer overflow that can lead to heap buffer overflow
2017-11-28 00:00:00
archlinux
archlinux
[ASA-201708-7] mercurial: multiple issues
2017-08-12 00:00:00
[ASA-201710-28] musl: arbitrary code execution
2017-10-21 00:00:00
[ASA-201711-41] libxcursor: arbitrary code execution
2017-11-30 00:00:00
redhatcve
redhatcve
CVE-2017-14176
2017-09-12 07:48:25
CVE-2017-16228
2017-11-03 14:19:26
CVE-2017-16546
2017-11-16 10:49:34
cve
cve
CVE-2017-14176
2017-11-27 10:29:00
CVE-2017-17459
2017-12-07 18:29:00
CVE-2017-12976
2017-08-20 20:29:00
debiancve
debiancve
CVE-2017-14176
2017-11-27 10:29:00
CVE-2017-17459
2017-12-07 18:29:00
CVE-2017-12976
2017-08-20 20:29:00
osv
osv
git-annex command injection via malicious SSH hostname
2023-07-25 13:25:42
CVE-2017-16228
2017-10-29 20:29:00
PYSEC-2017-12
2017-10-29 20:29:00
fedora
fedora
[SECURITY] Fedora 26 Update: openssl-1.1.0h-1.fc26
2018-04-01 19:55:54
[SECURITY] Fedora 27 Update: openssl-1.1.0h-1.fc27
2018-04-01 03:31:28
[SECURITY] Fedora 28 Update: openssl-1.1.0h-2.fc28
2018-04-01 19:09:56
symantec
symantec
SA166: OpenSSL Vulnerabilities 27-Mar-2018
2018-05-22 08:00:00
amazon
amazon
Medium: openssl
2018-08-22 18:59:00
github
github
Dulwich RCE Vulnerability
2022-05-13 01:44:04
veracode
veracode
Arbitrary Command Execution
2017-10-30 00:47:04
Denial Of Service (DoS)
2017-11-06 04:17:09
Denial Of Service (DoS)
2020-05-10 23:23:59
myhack58
myhack58
More mainstream version control system was traced to the presence of the client arbitrary code execution vulnerability-vulnerability warning-the black bar safety net
2017-08-11 00:00:00
tenable
tenable
[R1] Nessus Agent 7.1.0 Fixes Multiple Third-party Vulnerabilities
2018-06-14 16:02:13
[R1] Nessus Agent 7.1.0 Fixes Multiple Third-party Vulnerabilities
2018-06-14 16:02:13
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2018-11-28 00:00:00
LibXcursor: User-assisted execution of arbitrary code
2018-01-07 00:00:00
cbl_mariner
cbl_mariner
CVE-2017-14176 affecting package bzr 2.7.0-
2024-04-25 09:08:11
cloudfoundry
cloudfoundry
USN-3584-1: sensible-utils vulnerability | Cloud Foundry
2018-05-02 00:00:00
USN-3622-1: Wayland vulnerability | Cloud Foundry
2018-05-09 00:00:00
USN-3501-1: libxcursor vulnerability | Cloud Foundry
2018-03-13 00:00:00
ubuntu
ubuntu
Perl vulnerability
2017-11-13 00:00:00
Bazaar vulnerability
2017-10-24 00:00:00
sensible-utils vulnerability
2018-02-26 00:00:00
alpinelinux
alpinelinux
CVE-2017-15650
2017-10-19 23:29:00
CVE-2017-16544
2017-11-20 15:29:00
CVE-2017-12883
2017-09-19 18:29:00
f5
f5
K62318311 : glibc vulnerability CVE-2017-17426
2018-02-23 00:00:00
mageia
mageia
Updated libxcursor packages fix security vulnerability
2017-12-06 14:43:08
slackware
slackware
[slackware-security] libXcursor
2017-11-29 08:19:08
seebug
seebug
wget HTTP integer overflow(CVE-2017-13089)
2017-11-13 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

JSON
Related for B05329785ED4441E67419C72F4E8D5EFB095312F0129B7DAC17DB1F2F0780EEC
ibm5hackerone1nessus36openvas30prion12ubuntucve12debian8freebsd2archlinux6redhatcve9cve12debiancve11osv15fedora7symantec1amazon1github1veracode7myhack581tenable2gentoo2cbl_mariner1cloudfoundry3ubuntu6alpinelinux4f51mageia1slackware1seebug1