CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
92.9%
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.
binutils: heap-based buffer overflow in finish_stab in stabs.c (CVE-2018-12699)
The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record. (CVE-2014-8484)
The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file. (CVE-2014-8485)
Note that Nessus has not tested for these issues but has instead relied on the package manager’s report that the package is installed.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory binutils. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(199993);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/03");
script_cve_id(
"CVE-2014-8484",
"CVE-2014-8485",
"CVE-2014-8501",
"CVE-2014-8502",
"CVE-2014-8503",
"CVE-2014-8504",
"CVE-2014-8737",
"CVE-2014-8738",
"CVE-2014-9939",
"CVE-2017-6965",
"CVE-2017-6966",
"CVE-2017-6969",
"CVE-2017-7209",
"CVE-2017-7210",
"CVE-2017-7223",
"CVE-2017-7224",
"CVE-2017-7225",
"CVE-2017-7226",
"CVE-2017-7227",
"CVE-2017-7299",
"CVE-2017-7300",
"CVE-2017-7301",
"CVE-2017-7302",
"CVE-2017-7303",
"CVE-2017-7304",
"CVE-2017-7614",
"CVE-2017-8392",
"CVE-2017-8393",
"CVE-2017-8394",
"CVE-2017-8395",
"CVE-2017-8396",
"CVE-2017-8397",
"CVE-2017-8398",
"CVE-2017-8421",
"CVE-2017-9038",
"CVE-2017-9039",
"CVE-2017-9040",
"CVE-2017-9041",
"CVE-2017-9042",
"CVE-2017-9043",
"CVE-2017-9044",
"CVE-2017-9742",
"CVE-2017-9743",
"CVE-2017-9744",
"CVE-2017-9745",
"CVE-2017-9746",
"CVE-2017-9747",
"CVE-2017-9748",
"CVE-2017-9749",
"CVE-2017-9750",
"CVE-2017-9751",
"CVE-2017-9752",
"CVE-2017-9753",
"CVE-2017-9754",
"CVE-2017-9755",
"CVE-2017-9756",
"CVE-2017-9954",
"CVE-2017-9955",
"CVE-2017-12449",
"CVE-2017-12451",
"CVE-2017-12452",
"CVE-2017-12453",
"CVE-2017-12454",
"CVE-2017-12455",
"CVE-2017-12456",
"CVE-2017-12457",
"CVE-2017-12458",
"CVE-2017-12799",
"CVE-2017-12967",
"CVE-2017-13710",
"CVE-2017-13716",
"CVE-2017-13757",
"CVE-2017-14128",
"CVE-2017-14129",
"CVE-2017-14130",
"CVE-2017-14529",
"CVE-2017-14729",
"CVE-2017-14745",
"CVE-2017-14930",
"CVE-2017-14932",
"CVE-2017-14933",
"CVE-2017-14934",
"CVE-2017-14938",
"CVE-2017-14939",
"CVE-2017-14940",
"CVE-2017-14974",
"CVE-2017-15020",
"CVE-2017-15021",
"CVE-2017-15022",
"CVE-2017-15023",
"CVE-2017-15024",
"CVE-2017-15025",
"CVE-2017-15225",
"CVE-2017-15938",
"CVE-2017-15939",
"CVE-2017-15996",
"CVE-2017-16826",
"CVE-2017-16827",
"CVE-2017-16828",
"CVE-2017-16829",
"CVE-2017-16830",
"CVE-2017-16831",
"CVE-2017-16832",
"CVE-2017-17080",
"CVE-2017-17121",
"CVE-2017-17122",
"CVE-2017-17123",
"CVE-2017-17124",
"CVE-2017-17125",
"CVE-2017-17126",
"CVE-2018-6323",
"CVE-2018-6872",
"CVE-2018-7208",
"CVE-2018-7568",
"CVE-2018-7569",
"CVE-2018-7642",
"CVE-2018-7643",
"CVE-2018-8945",
"CVE-2018-10373",
"CVE-2018-10535",
"CVE-2018-12641",
"CVE-2018-12697",
"CVE-2018-12698",
"CVE-2018-12699",
"CVE-2018-12700",
"CVE-2018-12934",
"CVE-2018-17794",
"CVE-2018-17985",
"CVE-2018-18483",
"CVE-2018-18484",
"CVE-2018-18605",
"CVE-2018-18606",
"CVE-2018-18607",
"CVE-2018-18700",
"CVE-2018-18701",
"CVE-2018-19931",
"CVE-2018-20002",
"CVE-2018-1000876",
"CVE-2019-9070",
"CVE-2019-9077"
);
script_name(english:"RHEL 5 : binutils (Unpatched Vulnerability)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat 5 host is affected by multiple vulnerabilities that will not be patched.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple
vulnerabilities that have been acknowledged by the vendor but will not be patched.
- binutils: heap-based buffer overflow in finish_stab in stabs.c (CVE-2018-12699)
- The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to
cause a denial of service (out-of-bounds read) via a small S-record. (CVE-2014-8484)
- The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers
to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers
in an ELF file. (CVE-2014-8485)
Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package
is installed.");
script_set_attribute(attribute:"solution", value:
"The vendor has acknowledged the vulnerabilities but no solution has been provided. Refer to the vendor for remediation
guidance.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-12699");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vendor_unpatched", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/06/03");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:binutils");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:binutils220");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item("global_settings/vendor_unpatched"))
exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '5')) audit(AUDIT_OS_NOT, 'Red Hat 5.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'pkgs': [
{'reference':'binutils', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'binutils', 'cves':['CVE-2014-8484', 'CVE-2014-8485', 'CVE-2014-8501', 'CVE-2014-8502', 'CVE-2014-8503', 'CVE-2014-8504', 'CVE-2014-8737', 'CVE-2014-8738', 'CVE-2014-9939', 'CVE-2017-6965', 'CVE-2017-6966', 'CVE-2017-6969', 'CVE-2017-7209', 'CVE-2017-7210', 'CVE-2017-7223', 'CVE-2017-7224', 'CVE-2017-7225', 'CVE-2017-7226', 'CVE-2017-7227', 'CVE-2017-7299', 'CVE-2017-7300', 'CVE-2017-7301', 'CVE-2017-7302', 'CVE-2017-7303', 'CVE-2017-7304', 'CVE-2017-7614', 'CVE-2017-8392', 'CVE-2017-8393', 'CVE-2017-8394', 'CVE-2017-8395', 'CVE-2017-8396', 'CVE-2017-8397', 'CVE-2017-8398', 'CVE-2017-8421', 'CVE-2017-9038', 'CVE-2017-9039', 'CVE-2017-9040', 'CVE-2017-9041', 'CVE-2017-9042', 'CVE-2017-9043', 'CVE-2017-9044', 'CVE-2017-9742', 'CVE-2017-9743', 'CVE-2017-9744', 'CVE-2017-9745', 'CVE-2017-9746', 'CVE-2017-9747', 'CVE-2017-9748', 'CVE-2017-9749', 'CVE-2017-9750', 'CVE-2017-9751', 'CVE-2017-9752', 'CVE-2017-9753', 'CVE-2017-9754', 'CVE-2017-9755', 'CVE-2017-9756', 'CVE-2017-9954', 'CVE-2017-9955', 'CVE-2017-12449', 'CVE-2017-12451', 'CVE-2017-12452', 'CVE-2017-12453', 'CVE-2017-12454', 'CVE-2017-12455', 'CVE-2017-12456', 'CVE-2017-12457', 'CVE-2017-12458', 'CVE-2017-12799', 'CVE-2017-12967', 'CVE-2017-13710', 'CVE-2017-13716', 'CVE-2017-13757', 'CVE-2017-14128', 'CVE-2017-14129', 'CVE-2017-14130', 'CVE-2017-14529', 'CVE-2017-14729', 'CVE-2017-14745', 'CVE-2017-14930', 'CVE-2017-14932', 'CVE-2017-14933', 'CVE-2017-14934', 'CVE-2017-14938', 'CVE-2017-14939', 'CVE-2017-14940', 'CVE-2017-14974', 'CVE-2017-15020', 'CVE-2017-15021', 'CVE-2017-15022', 'CVE-2017-15023', 'CVE-2017-15024', 'CVE-2017-15025', 'CVE-2017-15225', 'CVE-2017-15938', 'CVE-2017-15939', 'CVE-2017-15996', 'CVE-2017-16826', 'CVE-2017-16827', 'CVE-2017-16828', 'CVE-2017-16829', 'CVE-2017-16830', 'CVE-2017-16831', 'CVE-2017-16832', 'CVE-2017-17080', 'CVE-2017-17121', 'CVE-2017-17122', 'CVE-2017-17123', 'CVE-2017-17124', 'CVE-2017-17125', 'CVE-2017-17126', 'CVE-2018-6323', 'CVE-2018-6872', 'CVE-2018-7208', 'CVE-2018-7568', 'CVE-2018-7569', 'CVE-2018-7642', 'CVE-2018-7643', 'CVE-2018-10373', 'CVE-2018-10535', 'CVE-2018-12641', 'CVE-2018-12697', 'CVE-2018-12698', 'CVE-2018-12699', 'CVE-2018-12700', 'CVE-2018-12934', 'CVE-2018-17794', 'CVE-2018-17985', 'CVE-2018-18483', 'CVE-2018-18484', 'CVE-2018-18605', 'CVE-2018-18606', 'CVE-2018-18607', 'CVE-2018-18700', 'CVE-2018-18701', 'CVE-2018-19931', 'CVE-2018-20002', 'CVE-2018-1000876', 'CVE-2019-9070', 'CVE-2019-9077']},
{'reference':'binutils220', 'release':'5', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'binutils220', 'cves':['CVE-2014-8484', 'CVE-2014-8485', 'CVE-2014-8501', 'CVE-2014-8502', 'CVE-2014-8503', 'CVE-2014-8504', 'CVE-2014-8737', 'CVE-2014-8738', 'CVE-2014-9939', 'CVE-2017-6965', 'CVE-2017-6966', 'CVE-2017-6969', 'CVE-2017-7209', 'CVE-2017-7210', 'CVE-2017-7223', 'CVE-2017-7224', 'CVE-2017-7225', 'CVE-2017-7226', 'CVE-2017-7227', 'CVE-2017-7299', 'CVE-2017-7300', 'CVE-2017-7301', 'CVE-2017-7302', 'CVE-2017-7303', 'CVE-2017-7304', 'CVE-2017-7614', 'CVE-2017-8392', 'CVE-2017-8393', 'CVE-2017-8394', 'CVE-2017-8395', 'CVE-2017-8396', 'CVE-2017-8397', 'CVE-2017-8398', 'CVE-2017-8421', 'CVE-2017-9038', 'CVE-2017-9039', 'CVE-2017-9040', 'CVE-2017-9041', 'CVE-2017-9042', 'CVE-2017-9043', 'CVE-2017-9044', 'CVE-2017-9742', 'CVE-2017-9743', 'CVE-2017-9744', 'CVE-2017-9745', 'CVE-2017-9746', 'CVE-2017-9747', 'CVE-2017-9748', 'CVE-2017-9749', 'CVE-2017-9750', 'CVE-2017-9751', 'CVE-2017-9752', 'CVE-2017-9753', 'CVE-2017-9754', 'CVE-2017-9755', 'CVE-2017-9756', 'CVE-2017-9954', 'CVE-2017-9955', 'CVE-2017-12799', 'CVE-2017-12967', 'CVE-2017-13710', 'CVE-2017-13716', 'CVE-2017-13757', 'CVE-2017-14128', 'CVE-2017-14129', 'CVE-2017-14130', 'CVE-2017-14529', 'CVE-2017-14729', 'CVE-2017-14745', 'CVE-2017-14930', 'CVE-2017-14932', 'CVE-2017-14933', 'CVE-2017-14934', 'CVE-2017-14938', 'CVE-2017-14939', 'CVE-2017-14940', 'CVE-2017-14974', 'CVE-2017-15020', 'CVE-2017-15021', 'CVE-2017-15022', 'CVE-2017-15023', 'CVE-2017-15024', 'CVE-2017-15025', 'CVE-2017-15225', 'CVE-2017-15938', 'CVE-2017-15939', 'CVE-2017-15996', 'CVE-2017-16826', 'CVE-2017-16827', 'CVE-2017-16828', 'CVE-2017-16829', 'CVE-2017-16830', 'CVE-2017-16831', 'CVE-2017-16832', 'CVE-2017-17080', 'CVE-2017-17121', 'CVE-2017-17122', 'CVE-2017-17123', 'CVE-2017-17124', 'CVE-2017-17125', 'CVE-2017-17126', 'CVE-2018-6323', 'CVE-2018-6872', 'CVE-2018-7208', 'CVE-2018-7568', 'CVE-2018-7569', 'CVE-2018-7642', 'CVE-2018-7643', 'CVE-2018-8945', 'CVE-2018-10373', 'CVE-2018-10535', 'CVE-2018-12641', 'CVE-2018-12697', 'CVE-2018-12698', 'CVE-2018-12699', 'CVE-2018-12700', 'CVE-2018-12934', 'CVE-2018-17985', 'CVE-2018-18605', 'CVE-2018-18606', 'CVE-2018-18607', 'CVE-2018-18700', 'CVE-2018-18701', 'CVE-2018-19931', 'CVE-2018-20002']}
]
}
];
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);
foreach var pkg ( constraint_array['pkgs'] ) {
var unpatched_pkg = NULL;
var _release = NULL;
var sp = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['unpatched_pkg'])) unpatched_pkg = pkg['unpatched_pkg'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (unpatched_pkg &&
_release &&
(!exists_check || rpm_exists(release:_release, rpm:exists_check)) &&
unpatched_package_exists(release:_release, package:unpatched_pkg, cves: cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : unpatched_packages_report()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'binutils / binutils220');
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8484
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8485
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8501
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8502
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8503
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8504
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8737
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8738
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9939
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12449
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12451
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12452
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12453
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12454
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12455
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12456
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12457
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12458
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12799
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12967
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13710
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13716
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13757
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14128
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14129
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14130
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14529
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14729
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14745
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14930
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14932
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14933
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14934
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14938
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14939
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14940
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14974
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15020
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15021
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15022
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15023
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15024
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15025
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15225
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15938
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15939
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15996
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16826
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16827
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16828
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16829
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16830
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16831
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16832
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17080
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17121
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17122
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17123
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17124
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17125
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17126
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6965
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6966
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6969
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7209
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7210
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7223
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7224
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7225
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7226
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7227
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7299
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7300
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7301
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7302
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7303
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7304
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7614
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8392
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8393
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8394
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8395
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8396
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8397
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8398
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8421
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9038
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9039
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9040
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9041
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9042
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9043
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9044
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9742
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9743
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9744
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9745
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9746
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9747
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9748
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9749
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9750
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9751
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9752
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9753
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9754
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9755
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9756
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9954
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9955
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000876
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10373
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10535
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12641
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12697
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12698
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12699
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12700
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12934
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17794
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17985
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18483
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18484
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18605
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18606
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18607
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18700
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18701
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19931
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20002
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6323
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6872
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7208
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7568
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7569
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7642
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7643
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8945
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9070
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9077
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
92.9%