{"id": "SECURITYVULNS:DOC:20384", "bulletinFamily": "software", "title": "Vanilla <= 1.1.4 Script Injection/ XSS", "description": "##########################################################\r\n# GulfTech Security Research August 19, 2008\r\n##########################################################\r\n# Vendor : Mark O'Sullivan\r\n# URL : http://www.getvanilla.com/\r\n# Version : Vanilla <= 1.1.4\r\n# Risk : Multiple Vulnerabilities\r\n##########################################################\r\n\r\n\r\nDescription:\r\nVanilla is an open-source, standards-compliant, multi-lingual,\r\nfully extensible web based discussion forum. Unfortunately there\r\nare a couple of issues within Vanilla that allow for a malicious\r\nuser to steal client based credentials such as cookies. These\r\nissues include both script injection and cross site scripting.\r\nAn updated version of Vanilla has been released and users should\r\nupgrade their Vanilla installation as soon as possible.\r\n\r\n\r\n\r\nCross Site Scripting:\r\nThere is a Cross Site Scripting issue in Vanilla that allow\r\nfor theft of client side credentials such as cookies. An example\r\ncan be found in people.php. This issue is a result of unsanitized\r\nGPC variables being displayed to the end user.\r\n\r\n/people.php?PostBackAction=Apply&NewPassword='"><script>alert\r\n(document.cookie)%3B<%2Fscript>\r\n\r\nThe above example link would display the end users cookie to\r\nthem. Of course this can also be used to steal the cookie data\r\nas mentioned earlier in this advisory.\r\n\r\n\r\n\r\nScript Injection:\r\nThere is a script injection issue within Vanilla that may allow\r\nfor a malicious user to gain admin credentials via cookie theft.\r\nThe problem is a result of the "Picture", "Icon", and Label => Value\r\npairs within the user account information not being properly escaped.\r\nIt seems that only strip_tags is used, which is not sufficient. All\r\ndevelopers need not forget that if the user supplied data is being\r\nplaced within a tag, as parameters, then the htmlspecialchars\r\nfunction or a similar equivalent must be used so that quotes are\r\nproperly escaped. Otherwise we can inject additional parameters in\r\nto the affected tag like in the example shown below.\r\n\r\ntest" onclick=alert(document.cookie); "\r\n\r\nBy entering the above text in to one of the previously mentioned\r\nvulnerable fields an attacker can successfully have the javascript\r\nexecute in the context of the admin's browser whenever the affected\r\nfield is clicked.\r\n\r\n\r\n\r\nSolution:\r\nThe Vanilla developers have released an updated version of Vanilla\r\nwhich resolves the previously mentioned. Vanilla 1.1.5 RC 1 can be\r\nfound at the following url\r\n\r\nhttp://lussumo.com/community/discussion/8559/vanilla-115-release-candidate-1/\r\n\r\n\r\n\r\nCredits:\r\nJames Bercegay of the GulfTech Security Research Team\r\n\r\n\r\n\r\nRelated Info:\r\nThe original advisory can be found at the following location\r\nhttp://www.gulftech.org/?node=research&article_id=00126-08192008", "published": "2008-08-19T00:00:00", "modified": "2008-08-19T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20384", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:27", "edition": 1, "viewCount": 10, "enchantments": {"score": {"value": 5.3, "vector": "NONE", "modified": "2018-08-31T11:10:27", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-2595", "CVE-2019-20384", "CVE-2016-8860", "CVE-2015-9286", "CVE-2018-20384", "CVE-2008-7273", "CVE-2008-7272"]}, {"type": "openbugbounty", "idList": ["OBB:232775"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_C1DC55DC955611E6B1543065EC8FD3EC.NASL"]}, {"type": "freebsd", "idList": ["C1DC55DC-9556-11E6-B154-3065EC8FD3EC"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32652", "SECURITYVULNS:DOC:32654", "SECURITYVULNS:DOC:32653", "SECURITYVULNS:DOC:32656", "SECURITYVULNS:VULN:14755", "SECURITYVULNS:VULN:14753", "SECURITYVULNS:DOC:32651", "SECURITYVULNS:VULN:14720", "SECURITYVULNS:DOC:32660", "SECURITYVULNS:DOC:32658"]}], "modified": "2018-08-31T11:10:27", "rev": 2}, "vulnersScore": 5.3}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}

{"oraclelinux": [{"id": "ELSA-2021-3945", "hash": "7bd49049d50af8c69d1c791ea96d605d", "type": "oraclelinux", "bulletinFamily": "unix", "title": "redis:6 security update", "description": "[6.0.9-5]\n- fix denial of service via Redis Standard Protocol (RESP) request\n CVE-2021-32675\n[6.0.9-4]\n- fix lua scripts can overflow the heap-based Lua stack\n CVE-2021-32626\n- fix integer overflow issue with Streams\n CVE-2021-32627\n- fix integer overflow bug in the ziplist data structure\n CVE-2021-32628\n- fix integer overflow issue with intsets\n CVE-2021-32687\n- fix integer overflow issue with strings\n CVE-2021-41099", "published": "2021-10-20T00:00:00", "modified": "2021-10-20T00:00:00", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "http://linux.oracle.com/errata/ELSA-2021-3945.html", "reporter": "OracleLinux", "references": [], "cvelist": ["CVE-2021-32626", "CVE-2021-32627", "CVE-2021-32628", "CVE-2021-32675", "CVE-2021-32687", "CVE-2021-41099"], "immutableFields": [], "lastseen": "2021-10-20T20:26:40", "history": [{"bulletin": {"id": "ELSA-2021-3945", "hash": "3b1bb363501564cf17db12ca18ec6dbb", "type": "oraclelinux", "bulletinFamily": "unix", "title": "redis:6 security update", "description": "[6.0.9-5]\n- fix denial of service via Redis Standard Protocol (RESP) request\n CVE-2021-32675\n[6.0.9-4]\n- fix lua scripts can overflow the heap-based Lua stack\n CVE-2021-32626\n- fix integer overflow issue with Streams\n CVE-2021-32627\n- fix integer overflow bug in the ziplist data structure\n CVE-2021-32628\n- fix integer overflow issue with intsets\n CVE-2021-32687\n- fix integer overflow issue with strings\n CVE-2021-41099\n[6.0.9-3]\n- fix integer overflow via STRALGO LCS command\n CVE-2021-29477\n[6.0.9-2]\n- revert 'simplify config rewrite file' and keep\n configuration in /etc\n[6.0.9-1]\n- update to 6.0.9\n[6.0.8-1]\n- update to 6.0.8 for new stream #1862063\n[5.0.3-2]\n- fix Heap buffer overflow in HyperLogLog triggered by malicious client\n CVE-2019-10192\n- fix Stack buffer overflow in HyperLogLog triggered by malicious client\n CVE-2019-10193\n[5.0.3-1]\n- update to 5.0.3\n[4.0.10-2]\n- drop build dependency on pandoc\n- drop dependency on jemalloc #1591762\n- fix License (BSD and MIT)\n- add bundled libraries licences\n- cleanup conditions from spec file\n[4.0.10-1]\n- Upstream 4.0.10 release.\n[4.0.9-1.2]\n- rebuild (#1571197)\n[4.0.9-1]\n- Upstream 4.0.9 release.\n[4.0.8-2]\n- Escape macros in %changelog\n[4.0.8-1]\n- Upstream 4.0.8 release.\n[4.0.7-1]\n- Upstream 4.0.7 release.\n[4.0.6-1]\n- Upstream 4.0.6 release.\n[4.0.5-1]\n- Redis 4.0.5 - Released Thu Dec 1 16:03:32 CET 2017\n- Upgrade urgency CRITICAL: Redis 4.0.4 fix for PSYNC2 was broken,\n causing the slave to crash when receiving an RDB file from the\n master that contained a duplicated Lua script.\n[4.0.4-1]\n- Upstream 4.0.4 release.\n- Update to current upstream redis-doc also.\n- Fix man page issues (RHBZ #1513594 and RHBZ #1515417).\n[4.0.3-1]\n- Redis 4.0.3\n- fix ownership of /usr/share/doc/redis\n- use make_flags for test to avoid rebuild and failure\n- fix rpm macro location on EL-6\n- add /var/run/redis on EL-6\n- add spec file license header\n- drop duplicated documentation from main package\n- keep man in main page\n[4.0.2-2]\n- Install the base modules directories, owned by the main package.\n[4.0.2-1]\n- Upstream 4.0.2 release. (RHBZ #1389592)\n- Add redis-devel for loadable module development.\n- Add redis-doc for man pages and detailed documentation.\n- Provide redis-check-aof as a symlink to redis-server also now.\n[3.2.11-1]\n- Upstream 3.2.11 bug-fix-only release\n- Switch to using Type=notify for Redis systemd services (RHBZ #1172841)\n- Add Provides:bundled hiredis, linenoise, lua-libs clauses (RHBZ #788500)\n[3.2.10-2]\n- Add redis-trib based on patch from Sebastian Saletnik. (RHBZ #1215654)\n[3.2.9-3]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild\n[3.2.10-1]\n- Upstream 3.2.10 release\n- Ensure both the redis and redis-sentinel service files set correct perms\n- Dropped systemd tmpfiles source, handled directly in systemd service files\n[3.2.9-2]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild\n[3.2.9-1]\n- Upstream 3.2.9\n- Add RuntimeDirectory=redis to systemd unit file (RHBZ #1454700)\n- Mark rundir as %ghost since it may disappear (tmpfs - #1454700)\n- Fix a shutdown failure with Unix domain sockets (RHBZ #1444988)\n[3.2.8-1]\n- Upstream 3.2.8\n- bugfix for #3796 (MIGRATE could cause server crash after socket error)\n[3.2.7-2]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild\n[3.2.7-1]\n- Upstream 3.2.7 (important security fix)\n[3.2.4-2]\n- Install tmpfiles and /run/redis for legacy configurations\n[3.2.4-1]\n- Upstream 3.2.4\n- Fix buffer overlow (TALOS-2016-0206)\n[3.2.3-2]\n- add missing man pages #1374577\n using patch from https://github.com/antirez/redis/pull/3491\n- data and configuration should not be publicly readable #1374700\n- remove /var/run/redis with systemd #1374728\n- provide redis-check-rdb as a symlink to redis-server #1374736\n using patch from https://github.com/antirez/redis/pull/3494\n- move redis-shutdown to libexec\n[3.2.3-1]\n- Upstream 3.2.3\n- Security fix for CVE-2013-7458 (redis-cli history world readable)\n- RHBZ#1363670 RHBZ#1363671\n[3.0.6-3]\n- Fix redis-shutdown to handle password-protected instances shutdown\n[3.0.6-2]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild\n[3.0.6-1]\n- Upstream 3.0.6 (RHBZ#1272281)\n[3.0.5-1]\n- Upstream 3.0.5\n- Fix slave/master replication hanging forever in certain case\n[3.0.4-1]\n- Update to 3.0.4\n[3.0.3-2]\n- Rebuilt for jemalloc 4.0.0\n[3.0.3-1]\n- Upstream 3.0.3\n[3.0.2-2]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild\n[3.0.2-1]\n- Upstream 3.0.2 (RHBZ #1228245)\n- Fix Lua sandbox escape and arbitrary code execution (RHBZ #1228331)\n[3.0.1-1]\n- Upstream 3.0.1 (RHBZ #1208322)\n[3.0.0-2]\n- rotate /var/log/redis/sentinel.log\n[3.0.0-1]\n- Upstream 3.0.0 (RHBZ #1208322)\n[2.8.19-2]\n- Fix redis-shutdown on multiple NIC setup (RHBZ #1201237)\n[2.8.19-1]\n- Upstream 2.8.19 (RHBZ #1175232)\n- Fix permissions for tmpfiles (RHBZ #1182913)\n- Add limits config files\n- Spec cleanups\n[2.8.18-1]\n- Upstream 2.8.18\n- Rebased patches\n[2.8.17-1]\n- Upstream 2.8.17\n- fix redis-sentinel service unit file for systemd\n- fix redis-shutdown for sentinel\n- also use redis-shutdown in init scripts\n[2.8.15-2]\n- Minor fix to redis-shutdown (from Remi Collet)\n[2.8.15-1]\n- Upstream 2.8.15 (critical bugfix for sentinel)\n- Fix to sentinel systemd service and configuration (thanks Remi)\n- Refresh patch management\n[2.8.14-2]\n- Cleanup spec\n- Fix shutdown for redis-{server,sentinel}\n- Backport fixes from Remi Collet repository (ie: sentinel working)\n[2.8.14-1]\n- Upstream 2.8.14 (RHBZ #1136287)\n- Bugfix for lua scripting users (server crash)\n- Refresh patches\n- backport spec from EPEL7 (thanks Warren)\n[2.8.13-1]\n- Update to 2.8.13\n[2.8.12-1]\n- Update to 2.8.12\n[2.8.11-1]\n- Update to 2.8.11\n[2.6.16-2]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild\n[2.6.16-1]\n- Update to 2.6.16\n- Fix rhbz#973151\n- Fix rhbz#656683\n- Fix rhbz#977357 (Jan Vcelak \n)\n[2.6.13-5]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild\n[2.6.13-4]\n- ARM has gperftools\n[2.6.13-3]\n- Modify jemalloc patch for s390 compatibility (Thanks sharkcz)\n[2.6.13-2]\n- Unbundle jemalloc\n[2.6.13-1]\n- Add compile PIE flag (rhbz#955459)\n- Update to redis 2.6.13 (rhbz#820919)\n[2.6.7-2]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild\n[2.6.7-1]\n- Update to redis 2.6.7\n[2.4.15-3]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild\n[2.4.15-2]\n- Remove TODO from docs\n[2.4.15-1]\n- Update to redis 2.4.15\n[2.4.13-1]\n- Update to redis 2.4.13\n[2.4.10-1]\n- Update to redis 2.4.10\n[2.4.8-1]\n- Update to redis 2.4.8\n[2.4.7-1]\n- Update to redis 2.4.7\n[2.4.6-4]\n- Fixed a typo in the spec\n[2.4.6-3]\n- Fix .service file, to match config (Type=simple).\n[2.4.6-2]\n- Fix .service file, credits go to Timon.\n[2.4.6-1]\n- Update to 2.4.6\n- systemd unit file added\n- Compiler flags changed to compile 2.4.6\n- Remove doc/ and Changelog\n[2.2.12-1]\n- Update to redis 2.2.12\n[2.2.5-2]\n- google-perftools exists only on selected architectures\n[2.2.5-1]\n- Update to redis 2.2.5\n[2.2.2-1]\n- Update to redis 2.2.2\n[2.0.4-2]\n- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild\n[2.0.4-1]\n- Update to redis 2.0.4\n[2.0.3-1]\n- Update to redis 2.0.3\n[2.0.2-1]\n- Update to redis 2.0.2\n- Disable checks section for el5\n[2.0.1-1]\n- Update to redis 2.0.1\n[2.0.0-1]\n- Update to redis 2.0.0\n[1.2.6-3]\n- Add Fedora build flags\n- Send all scriplet output to /dev/null\n- Remove debugging flags\n- Add redis.conf check to init script\n[1.2.6-2]\n- Don't compress man pages\n- Use patch to fix redis.conf\n[1.2.6-1]\n- Initial package", "published": "2021-10-20T00:00:00", "modified": "2021-10-20T00:00:00", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "http://linux.oracle.com/errata/ELSA-2021-3945.html", "reporter": "OracleLinux", "references": [], "cvelist": ["CVE-2013-7458", "CVE-2019-10192", "CVE-2019-10193", "CVE-2021-29477", "CVE-2021-32626", "CVE-2021-32627", "CVE-2021-32628", "CVE-2021-32675", "CVE-2021-32687", "CVE-2021-41099"], "immutableFields": [], "lastseen": "2021-10-20T18:26:25", "history": [], "viewCount": 11, "enchantments": {}, "objectVersion": "1.6", "affectedPackage": [{"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "6.0.9-5.module", "packageFilename": "redis-6.0.9-5.module+el8.4.0+20384+68ad316c.src.rpm", "operator": "lt", "packageName": "redis"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "6.0.9-5.module", "packageFilename": "redis-6.0.9-5.module+el8.4.0+20384+68ad316c.aarch64.rpm", "operator": "lt", "packageName": "redis"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "6.0.9-5.module", "packageFilename": "redis-devel-6.0.9-5.module+el8.4.0+20384+68ad316c.aarch64.rpm", "operator": "lt", "packageName": "redis-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "6.0.9-5.module", "packageFilename": "redis-doc-6.0.9-5.module+el8.4.0+20384+68ad316c.noarch.rpm", "operator": "lt", "packageName": "redis-doc"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "6.0.9-5.module", "packageFilename": "redis-6.0.9-5.module+el8.4.0+20384+68ad316c.src.rpm", "operator": "lt", "packageName": "redis"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "6.0.9-5.module", "packageFilename": "redis-6.0.9-5.module+el8.4.0+20384+68ad316c.x86_64.rpm", "operator": "lt", "packageName": "redis"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "6.0.9-5.module", "packageFilename": "redis-devel-6.0.9-5.module+el8.4.0+20384+68ad316c.x86_64.rpm", "operator": "lt", "packageName": "redis-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "6.0.9-5.module", "packageFilename": "redis-doc-6.0.9-5.module+el8.4.0+20384+68ad316c.noarch.rpm", "operator": "lt", "packageName": "redis-doc"}]}, "lastseen": "2021-10-20T18:26:25", "differentElements": ["cvelist", "cvss2", "cvss3", "description"], "edition": 1}], "viewCount": 16, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["REDHAT-RHSA-2021-3918.NASL", "ORACLELINUX_ELSA-2021-3945.NASL", "FREEBSD_PKG_9B4806C1257F11EC9DB50800270512F4.NASL", "ORACLELINUX_ELSA-2021-3918.NASL"]}, {"type": "almalinux", "idList": ["ALSA-2021:3945", "ALSA-2021:3918"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-3918"]}, {"type": "freebsd", "idList": ["9B4806C1-257F-11EC-9DB5-0800270512F4"]}, {"type": "fedora", "idList": ["FEDORA:BF9FA30B86ED", "FEDORA:CE56330B8B4D"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-32626", "RH:CVE-2021-32627", "RH:CVE-2021-32675", "RH:CVE-2021-41099", "RH:CVE-2021-32687", "RH:CVE-2021-32628"]}, {"type": "cve", "idList": ["CVE-2021-32687", "CVE-2021-41099", "CVE-2021-32628", "CVE-2021-32627", "CVE-2021-32626", "CVE-2021-32675"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-41099", "UB:CVE-2021-32628", "UB:CVE-2021-32687", "UB:CVE-2021-32626", "UB:CVE-2021-32675", "UB:CVE-2021-32627"]}], "modified": "2021-10-20T20:26:40", "rev": 2}, "score": {"value": 4.7, "vector": "NONE", "modified": "2021-10-20T20:26:40", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "6.0.9-5.module", "packageFilename": "redis-6.0.9-5.module+el8.4.0+20384+68ad316c.src.rpm", "operator": "lt", "packageName": "redis"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "6.0.9-5.module", "packageFilename": "redis-6.0.9-5.module+el8.4.0+20384+68ad316c.aarch64.rpm", "operator": "lt", "packageName": "redis"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "aarch64", "packageVersion": "6.0.9-5.module", "packageFilename": "redis-devel-6.0.9-5.module+el8.4.0+20384+68ad316c.aarch64.rpm", "operator": "lt", "packageName": "redis-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "6.0.9-5.module", "packageFilename": "redis-doc-6.0.9-5.module+el8.4.0+20384+68ad316c.noarch.rpm", "operator": "lt", "packageName": "redis-doc"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "src", "packageVersion": "6.0.9-5.module", "packageFilename": "redis-6.0.9-5.module+el8.4.0+20384+68ad316c.src.rpm", "operator": "lt", "packageName": "redis"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "6.0.9-5.module", "packageFilename": "redis-6.0.9-5.module+el8.4.0+20384+68ad316c.x86_64.rpm", "operator": "lt", "packageName": "redis"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "6.0.9-5.module", "packageFilename": "redis-devel-6.0.9-5.module+el8.4.0+20384+68ad316c.x86_64.rpm", "operator": "lt", "packageName": "redis-devel"}, {"OS": "oracle linux", "OSVersion": "8", "arch": "noarch", "packageVersion": "6.0.9-5.module", "packageFilename": "redis-doc-6.0.9-5.module+el8.4.0+20384+68ad316c.noarch.rpm", "operator": "lt", "packageName": "redis-doc"}], "_object_type": "robots.models.oraclelinux.OracleLinuxBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.oraclelinux.OracleLinuxBulletin"]}], "nessus": [{"id": "ORACLELINUX_ELSA-2021-3945.NASL", "hash": "6300a90e329af66c8e0e1afc32fb5a94", "type": "nessus", "bulletinFamily": "scanner", "title": "Oracle Linux 8 : redis:6 (ELSA-2021-3945)", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-3945 advisory.\n\n - Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete checks for this condition. This can result with heap corruption and potentially remote code execution.\n This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is fixed in versions 6.2.6, 6.0.16 and 5.0.14. For users unable to update an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands. (CVE-2021-32626)\n\n - Redis is an open source, in-memory database that persists on disk. In affected versions an integer overflow bug in Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves changing the default proto-max-bulk-len and client-query-buffer- limit configuration parameters to very large values and constructing specially crafted very large stream elements. The problem is fixed in Redis 6.2.6, 6.0.16 and 5.0.14. For users unable to upgrade an additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. (CVE-2021-32627)\n\n - Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves modifying the default ziplist configuration parameters (hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max- ziplist-value) to a very large value, and then constructing specially crafted commands to create very large ziplists. The problem is fixed in Redis versions 6.2.6, 6.0.16, 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the above configuration parameters. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. (CVE-2021-32628)\n\n - Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker delivering specially crafted requests over multiple connections can cause the server to allocate significant amount of memory. Because the same parsing mechanism is used to handle authentication requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This can be done in different ways: Using network access control tools like firewalls, iptables, security groups, etc. or Enabling TLS and requiring users to authenticate using client side certificates.\n (CVE-2021-32675)\n\n - Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the underlying string library can be used to corrupt the heap and potentially result with denial of service or remote code execution. The vulnerability involves changing the default proto-max-bulk-len configuration parameter to a very large value and constructing specially crafted network payloads or commands. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the proto-max- bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. (CVE-2021-41099)\n\n - Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents of the heap or trigger remote code execution. The vulnerability involves changing the default set-max- intset-entries configuration parameter to a very large value and constructing specially crafted commands to manipulate sets. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the set-max-intset-entries configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. (CVE-2021-32687)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-10-20T00:00:00", "modified": "2021-10-20T00:00:00", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/154268", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32675", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32628", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41099", "https://linux.oracle.com/errata/ELSA-2021-3945.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32687", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32626", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32627"], "cvelist": ["CVE-2021-32626", "CVE-2021-32627", "CVE-2021-32628", "CVE-2021-32675", "CVE-2021-32687", "CVE-2021-41099"], "immutableFields": [], "lastseen": "2021-10-21T14:10:45", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["REDHAT-RHSA-2021-3918.NASL", "REDHAT-RHSA-2021-3946.NASL", "ORACLELINUX_ELSA-2021-3918.NASL", "REDHAT-RHSA-2021-3944.NASL", "REDHAT-RHSA-2021-3945.NASL", "CENTOS8_RHSA-2021-3945.NASL", "FREEBSD_PKG_9B4806C1257F11EC9DB50800270512F4.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-3918", "ELSA-2021-3945"]}, {"type": "almalinux", "idList": ["ALSA-2021:3918", "ALSA-2021:3945"]}, {"type": "freebsd", "idList": ["9B4806C1-257F-11EC-9DB5-0800270512F4"]}, {"type": "fedora", "idList": ["FEDORA:CE56330B8B4D", "FEDORA:BF9FA30B86ED"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-32626", "UB:CVE-2021-32687", "UB:CVE-2021-32675", "UB:CVE-2021-32627", "UB:CVE-2021-41099", "UB:CVE-2021-32628"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-32687", "RH:CVE-2021-32627", "RH:CVE-2021-32626", "RH:CVE-2021-41099", "RH:CVE-2021-32628", "RH:CVE-2021-32675"]}, {"type": "cve", "idList": ["CVE-2021-32626", "CVE-2021-32628", "CVE-2021-32627", "CVE-2021-32687", "CVE-2021-41099", "CVE-2021-32675"]}], "modified": "2021-10-21T14:10:45", "rev": 2}, "score": {"value": 5.3, "vector": "NONE", "modified": "2021-10-21T14:10:45", "rev": 2}}, "objectVersion": "1.6", "pluginID": "154268", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-3945.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154268);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/20\");\n\n script_cve_id(\n \"CVE-2021-32626\",\n \"CVE-2021-32627\",\n \"CVE-2021-32628\",\n \"CVE-2021-32675\",\n \"CVE-2021-32687\",\n \"CVE-2021-41099\"\n );\n\n script_name(english:\"Oracle Linux 8 : redis:6 (ELSA-2021-3945)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-3945 advisory.\n\n - Redis is an open source, in-memory database that persists on disk. In affected versions specially crafted\n Lua scripts executing in Redis can cause the heap-based Lua stack to be overflowed, due to incomplete\n checks for this condition. This can result with heap corruption and potentially remote code execution.\n This problem exists in all versions of Redis with Lua scripting support, starting from 2.6. The problem is\n fixed in versions 6.2.6, 6.0.16 and 5.0.14. For users unable to update an additional workaround to\n mitigate the problem without patching the redis-server executable is to prevent users from executing Lua\n scripts. This can be done using ACL to restrict EVAL and EVALSHA commands. (CVE-2021-32626)\n\n - Redis is an open source, in-memory database that persists on disk. In affected versions an integer\n overflow bug in Redis can be exploited to corrupt the heap and potentially result with remote code\n execution. The vulnerability involves changing the default proto-max-bulk-len and client-query-buffer-\n limit configuration parameters to very large values and constructing specially crafted very large stream\n elements. The problem is fixed in Redis 6.2.6, 6.0.16 and 5.0.14. For users unable to upgrade an\n additional workaround to mitigate the problem without patching the redis-server executable is to prevent\n users from modifying the proto-max-bulk-len configuration parameter. This can be done using ACL to\n restrict unprivileged users from using the CONFIG SET command. (CVE-2021-32627)\n\n - Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist\n data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result\n with remote code execution. The vulnerability involves modifying the default ziplist configuration\n parameters (hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-\n ziplist-value) to a very large value, and then constructing specially crafted commands to create very\n large ziplists. The problem is fixed in Redis versions 6.2.6, 6.0.16, 5.0.14. An additional workaround to\n mitigate the problem without patching the redis-server executable is to prevent users from modifying the\n above configuration parameters. This can be done using ACL to restrict unprivileged users from using the\n CONFIG SET command. (CVE-2021-32628)\n\n - Redis is an open source, in-memory database that persists on disk. When parsing an incoming Redis Standard\n Protocol (RESP) request, Redis allocates memory according to user-specified values which determine the\n number of elements (in the multi-bulk header) and size of each element (in the bulk header). An attacker\n delivering specially crafted requests over multiple connections can cause the server to allocate\n significant amount of memory. Because the same parsing mechanism is used to handle authentication\n requests, this vulnerability can also be exploited by unauthenticated users. The problem is fixed in Redis\n versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate this problem without patching the\n redis-server executable is to block access to prevent unauthenticated users from connecting to Redis. This\n can be done in different ways: Using network access control tools like firewalls, iptables, security\n groups, etc. or Enabling TLS and requiring users to authenticate using client side certificates.\n (CVE-2021-32675)\n\n - Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the\n underlying string library can be used to corrupt the heap and potentially result with denial of service or\n remote code execution. The vulnerability involves changing the default proto-max-bulk-len configuration\n parameter to a very large value and constructing specially crafted network payloads or commands. The\n problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional workaround to mitigate the\n problem without patching the redis-server executable is to prevent users from modifying the proto-max-\n bulk-len configuration parameter. This can be done using ACL to restrict unprivileged users from using the\n CONFIG SET command. (CVE-2021-41099)\n\n - Redis is an open source, in-memory database that persists on disk. An integer overflow bug affecting all\n versions of Redis can be exploited to corrupt the heap and potentially be used to leak arbitrary contents\n of the heap or trigger remote code execution. The vulnerability involves changing the default set-max-\n intset-entries configuration parameter to a very large value and constructing specially crafted commands\n to manipulate sets. The problem is fixed in Redis versions 6.2.6, 6.0.16 and 5.0.14. An additional\n workaround to mitigate the problem without patching the redis-server executable is to prevent users from\n modifying the set-max-intset-entries configuration parameter. This can be done using ACL to restrict\n unprivileged users from using the CONFIG SET command. (CVE-2021-32687)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-3945.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected redis, redis-devel and / or redis-doc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-32626\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:redis\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:redis-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:redis-doc\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/redis');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module redis:6');\nif ('6' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module redis:' + module_ver);\n\nvar appstreams = {\n 'redis:6': [\n {'reference':'redis-6.0.9-5.module+el8.4.0+20384+68ad316c', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'redis-6.0.9-5.module+el8.4.0+20384+68ad316c', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'redis-devel-6.0.9-5.module+el8.4.0+20384+68ad316c', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'redis-devel-6.0.9-5.module+el8.4.0+20384+68ad316c', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'redis-doc-6.0.9-5.module+el8.4.0+20384+68ad316c', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n};\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var package_array ( appstreams[module] ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module redis:6');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'redis / redis-devel / redis-doc');\n}\n", "naslFamily": "Oracle Linux Local Security Checks", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:redis", "p-cpe:/a:oracle:linux:redis-devel", "p-cpe:/a:oracle:linux:redis-doc"], "solution": "Update the affected redis, redis-devel and / or redis-doc packages.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2021-32626", "vpr": {"risk factor": "High", "score": "7.4"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-10-20T00:00:00", "vulnerabilityPublicationDate": "2021-10-04T00:00:00", "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.nessus.NessusBulletin", "robots.models.base.Bulletin"]}, {"id": "FREEBSD_PKG_C1DC55DC955611E6B1543065EC8FD3EC.NASL", "hash": "614f0cd1863977b7cab2c75f951b4173", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : Tor -- remote denial of service (c1dc55dc-9556-11e6-b154-3065ec8fd3ec)", "description": "The Tor Blog reports :\n\nPrevent a class of security bugs caused by treating the contents of a buffer chunk as if they were a NUL-terminated string. At least one such bug seems to be present in all currently used versions of Tor, and would allow an attacker to remotely crash most Tor instances, especially those compiled with extra compiler hardening. With this defense in place, such bugs can't crash Tor, though we should still fix them as they occur. Closes ticket 20384 (TROVE-2016-10-001).", "published": "2016-10-19T00:00:00", "modified": "2021-01-04T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/94127", "reporter": "This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://blog.torproject.org/tor-0289-released-important-fixes", "http://www.nessus.org/u?4ab78fc6"], "cvelist": [], "immutableFields": [], "lastseen": "2021-08-19T12:39:13", "history": [{"bulletin": {"id": "FREEBSD_PKG_C1DC55DC955611E6B1543065EC8FD3EC.NASL", "hash": "c51142753e8014ec3cabfbaeb1d4719c2be2e3ab0dbdfd501516581a8168458b", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : Tor -- remote denial of service (c1dc55dc-9556-11e6-b154-3065ec8fd3ec)", "description": "The Tor Blog reports :\n\nPrevent a class of security bugs caused by treating the contents of a\nbuffer chunk as if they were a NUL-terminated string. At least one\nsuch bug seems to be present in all currently used versions of Tor,\nand would allow an attacker to remotely crash most Tor instances,\nespecially those compiled with extra compiler hardening. With this\ndefense in place, such bugs can't crash Tor, though we should still\nfix them as they occur. Closes ticket 20384 (TROVE-2016-10-001).", "published": "2016-10-19T00:00:00", "modified": "2018-12-19T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=94127", "reporter": "Tenable", "references": ["https://blog.torproject.org/tor-0289-released-important-fixes", "http://www.nessus.org/u?4ab78fc6"], "cvelist": [], "immutableFields": [], "lastseen": "2019-01-16T20:25:10", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2019-01-16T20:25:10", "references": [{"idList": ["C1DC55DC-9556-11E6-B154-3065EC8FD3EC"], "type": "freebsd"}]}, "score": {"value": 5.0, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "94127", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94127);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/12/19 13:21:18\");\n\n script_name(english:\"FreeBSD : Tor -- remote denial of service (c1dc55dc-9556-11e6-b154-3065ec8fd3ec)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Tor Blog reports :\n\nPrevent a class of security bugs caused by treating the contents of a\nbuffer chunk as if they were a NUL-terminated string. At least one\nsuch bug seems to be present in all currently used versions of Tor,\nand would allow an attacker to remotely crash most Tor instances,\nespecially those compiled with extra compiler hardening. With this\ndefense in place, such bugs can't crash Tor, though we should still\nfix them as they occur. Closes ticket 20384 (TROVE-2016-10-001).\"\n );\n # https://blog.torproject.org/blog/tor-0289-released-important-fixes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blog.torproject.org/tor-0289-released-important-fixes\"\n );\n # https://vuxml.freebsd.org/freebsd/c1dc55dc-9556-11e6-b154-3065ec8fd3ec.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4ab78fc6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tor-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"tor<0.2.8.9\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tor-devel<0.2.9.4-alpha\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["p-cpe:/a:freebsd:freebsd:tor-devel", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:tor"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2019-01-16T20:25:10", "differentElements": ["description", "href", "modified", "reporter"], "edition": 1}, {"bulletin": {"id": "FREEBSD_PKG_C1DC55DC955611E6B1543065EC8FD3EC.NASL", "hash": "cfc4a7d5666f07ddbb4fc709cbd7464cfb930ff38a290c224380b84d6d6425d0", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : Tor -- remote denial of service (c1dc55dc-9556-11e6-b154-3065ec8fd3ec)", "description": "The Tor Blog reports :\n\nPrevent a class of security bugs caused by treating the contents of a\nbuffer chunk as if they were a NUL-terminated string. At least one\nsuch bug seems to be present in all currently used versions of Tor,\nand would allow an attacker to remotely crash most Tor instances,\nespecially those compiled with extra compiler hardening. With this\ndefense in place, such bugs can", "published": "2016-10-19T00:00:00", "modified": "2020-01-02T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/94127", "reporter": "This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://blog.torproject.org/tor-0289-released-important-fixes", "http://www.nessus.org/u?4ab78fc6"], "cvelist": [], "immutableFields": [], "lastseen": "2020-01-01T07:46:01", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2020-01-01T07:46:01", "references": [{"idList": ["C1DC55DC-9556-11E6-B154-3065EC8FD3EC"], "type": "freebsd"}]}, "score": {"modified": "2020-01-01T07:46:01", "value": -0.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "94127", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94127);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/12/19 13:21:18\");\n\n script_name(english:\"FreeBSD : Tor -- remote denial of service (c1dc55dc-9556-11e6-b154-3065ec8fd3ec)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Tor Blog reports :\n\nPrevent a class of security bugs caused by treating the contents of a\nbuffer chunk as if they were a NUL-terminated string. At least one\nsuch bug seems to be present in all currently used versions of Tor,\nand would allow an attacker to remotely crash most Tor instances,\nespecially those compiled with extra compiler hardening. With this\ndefense in place, such bugs can't crash Tor, though we should still\nfix them as they occur. Closes ticket 20384 (TROVE-2016-10-001).\"\n );\n # https://blog.torproject.org/blog/tor-0289-released-important-fixes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blog.torproject.org/tor-0289-released-important-fixes\"\n );\n # https://vuxml.freebsd.org/freebsd/c1dc55dc-9556-11e6-b154-3065ec8fd3ec.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4ab78fc6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tor-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"tor<0.2.8.9\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tor-devel<0.2.9.4-alpha\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["p-cpe:/a:freebsd:freebsd:tor-devel", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:tor"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-01-01T07:46:01", "differentElements": ["modified"], "edition": 2}, {"bulletin": {"id": "FREEBSD_PKG_C1DC55DC955611E6B1543065EC8FD3EC.NASL", "hash": "7cc6bad1aff43e31538611b216b2748e7f971b3aaca55e6b565f1389e1e76717", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : Tor -- remote denial of service (c1dc55dc-9556-11e6-b154-3065ec8fd3ec)", "description": "The Tor Blog reports :\n\nPrevent a class of security bugs caused by treating the contents of a\nbuffer chunk as if they were a NUL-terminated string. At least one\nsuch bug seems to be present in all currently used versions of Tor,\nand would allow an attacker to remotely crash most Tor instances,\nespecially those compiled with extra compiler hardening. With this\ndefense in place, such bugs can", "published": "2016-10-19T00:00:00", "modified": "2020-05-02T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/94127", "reporter": "This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://blog.torproject.org/tor-0289-released-important-fixes", "http://www.nessus.org/u?4ab78fc6"], "cvelist": [], "immutableFields": [], "lastseen": "2020-05-01T00:24:29", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2020-05-01T00:24:29", "references": [{"idList": ["C1DC55DC-9556-11E6-B154-3065EC8FD3EC"], "type": "freebsd"}], "rev": 2}, "score": {"modified": "2020-05-01T00:24:29", "rev": 2, "value": -0.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "94127", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94127);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/12/19 13:21:18\");\n\n script_name(english:\"FreeBSD : Tor -- remote denial of service (c1dc55dc-9556-11e6-b154-3065ec8fd3ec)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Tor Blog reports :\n\nPrevent a class of security bugs caused by treating the contents of a\nbuffer chunk as if they were a NUL-terminated string. At least one\nsuch bug seems to be present in all currently used versions of Tor,\nand would allow an attacker to remotely crash most Tor instances,\nespecially those compiled with extra compiler hardening. With this\ndefense in place, such bugs can't crash Tor, though we should still\nfix them as they occur. Closes ticket 20384 (TROVE-2016-10-001).\"\n );\n # https://blog.torproject.org/blog/tor-0289-released-important-fixes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blog.torproject.org/tor-0289-released-important-fixes\"\n );\n # https://vuxml.freebsd.org/freebsd/c1dc55dc-9556-11e6-b154-3065ec8fd3ec.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4ab78fc6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tor-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"tor<0.2.8.9\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tor-devel<0.2.9.4-alpha\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["p-cpe:/a:freebsd:freebsd:tor-devel", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:tor"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-05-01T00:24:29", "differentElements": ["description", "modified"], "edition": 3}, {"bulletin": {"id": "FREEBSD_PKG_C1DC55DC955611E6B1543065EC8FD3EC.NASL", "hash": "45c724dcf4b6acf2e6ea005cc94ef8748cdd25cc2a281be6679559bf866884e9", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : Tor -- remote denial of service (c1dc55dc-9556-11e6-b154-3065ec8fd3ec)", "description": "The Tor Blog reports :\n\nPrevent a class of security bugs caused by treating the contents of a\nbuffer chunk as if they were a NUL-terminated string. At least one\nsuch bug seems to be present in all currently used versions of Tor,\nand would allow an attacker to remotely crash most Tor instances,\nespecially those compiled with extra compiler hardening. With this\ndefense in place, such bugs can't crash Tor, though we should still\nfix them as they occur. Closes ticket 20384 (TROVE-2016-10-001).", "published": "2016-10-19T00:00:00", "modified": "2020-12-02T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/94127", "reporter": "This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://blog.torproject.org/tor-0289-released-important-fixes", "http://www.nessus.org/u?4ab78fc6"], "cvelist": [], "immutableFields": [], "lastseen": "2020-12-01T10:57:51", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2020-12-01T10:57:51", "references": [], "rev": 2}, "score": {"modified": "2020-12-01T10:57:51", "rev": 2, "value": -0.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "94127", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94127);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/12/19 13:21:18\");\n\n script_name(english:\"FreeBSD : Tor -- remote denial of service (c1dc55dc-9556-11e6-b154-3065ec8fd3ec)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Tor Blog reports :\n\nPrevent a class of security bugs caused by treating the contents of a\nbuffer chunk as if they were a NUL-terminated string. At least one\nsuch bug seems to be present in all currently used versions of Tor,\nand would allow an attacker to remotely crash most Tor instances,\nespecially those compiled with extra compiler hardening. With this\ndefense in place, such bugs can't crash Tor, though we should still\nfix them as they occur. Closes ticket 20384 (TROVE-2016-10-001).\"\n );\n # https://blog.torproject.org/blog/tor-0289-released-important-fixes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blog.torproject.org/tor-0289-released-important-fixes\"\n );\n # https://vuxml.freebsd.org/freebsd/c1dc55dc-9556-11e6-b154-3065ec8fd3ec.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4ab78fc6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tor-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"tor<0.2.8.9\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tor-devel<0.2.9.4-alpha\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["p-cpe:/a:freebsd:freebsd:tor-devel", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:tor"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2020-12-01T10:57:51", "differentElements": ["modified"], "edition": 4}, {"bulletin": {"id": "FREEBSD_PKG_C1DC55DC955611E6B1543065EC8FD3EC.NASL", "hash": "6bfb7a9b2da2e332f7f65084acdbb89af1ada95b53b604644cc6810c69ce9247", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : Tor -- remote denial of service (c1dc55dc-9556-11e6-b154-3065ec8fd3ec)", "description": "The Tor Blog reports :\n\nPrevent a class of security bugs caused by treating the contents of a\nbuffer chunk as if they were a NUL-terminated string. At least one\nsuch bug seems to be present in all currently used versions of Tor,\nand would allow an attacker to remotely crash most Tor instances,\nespecially those compiled with extra compiler hardening. With this\ndefense in place, such bugs can't crash Tor, though we should still\nfix them as they occur. Closes ticket 20384 (TROVE-2016-10-001).", "published": "2016-10-19T00:00:00", "modified": "2021-01-02T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/94127", "reporter": "This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://blog.torproject.org/tor-0289-released-important-fixes", "http://www.nessus.org/u?4ab78fc6"], "cvelist": [], "immutableFields": [], "lastseen": "2021-01-01T02:45:09", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"modified": "2021-01-01T02:45:09", "references": [], "rev": 2}, "score": {"modified": "2021-01-01T02:45:09", "rev": 2, "value": -0.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "94127", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94127);\n script_version(\"2.3\");\n script_cvs_date(\"Date: 2018/12/19 13:21:18\");\n\n script_name(english:\"FreeBSD : Tor -- remote denial of service (c1dc55dc-9556-11e6-b154-3065ec8fd3ec)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Tor Blog reports :\n\nPrevent a class of security bugs caused by treating the contents of a\nbuffer chunk as if they were a NUL-terminated string. At least one\nsuch bug seems to be present in all currently used versions of Tor,\nand would allow an attacker to remotely crash most Tor instances,\nespecially those compiled with extra compiler hardening. With this\ndefense in place, such bugs can't crash Tor, though we should still\nfix them as they occur. Closes ticket 20384 (TROVE-2016-10-001).\"\n );\n # https://blog.torproject.org/blog/tor-0289-released-important-fixes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blog.torproject.org/tor-0289-released-important-fixes\"\n );\n # https://vuxml.freebsd.org/freebsd/c1dc55dc-9556-11e6-b154-3065ec8fd3ec.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4ab78fc6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tor-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"tor<0.2.8.9\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tor-devel<0.2.9.4-alpha\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["p-cpe:/a:freebsd:freebsd:tor-devel", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:tor"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-01-01T02:45:09", "differentElements": ["modified", "reporter", "sourceData"], "edition": 5}, {"bulletin": {"id": "FREEBSD_PKG_C1DC55DC955611E6B1543065EC8FD3EC.NASL", "hash": "21224ed3f82504bee6470d8b75ba8780", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : Tor -- remote denial of service (c1dc55dc-9556-11e6-b154-3065ec8fd3ec)", "description": "The Tor Blog reports :\n\nPrevent a class of security bugs caused by treating the contents of a\nbuffer chunk as if they were a NUL-terminated string. At least one\nsuch bug seems to be present in all currently used versions of Tor,\nand would allow an attacker to remotely crash most Tor instances,\nespecially those compiled with extra compiler hardening. With this\ndefense in place, such bugs can't crash Tor, though we should still\nfix them as they occur. Closes ticket 20384 (TROVE-2016-10-001).", "published": "2016-10-19T00:00:00", "modified": "2016-10-19T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/94127", "reporter": "This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://blog.torproject.org/tor-0289-released-important-fixes", "http://www.nessus.org/u?4ab78fc6"], "cvelist": [], "immutableFields": [], "lastseen": "2021-01-06T10:57:53", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"references": [], "modified": "2021-01-06T10:57:53", "rev": 2}, "score": {"value": -0.5, "vector": "NONE", "modified": "2021-01-06T10:57:53", "rev": 2}}, "objectVersion": "1.6", "pluginID": "94127", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94127);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_name(english:\"FreeBSD : Tor -- remote denial of service (c1dc55dc-9556-11e6-b154-3065ec8fd3ec)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Tor Blog reports :\n\nPrevent a class of security bugs caused by treating the contents of a\nbuffer chunk as if they were a NUL-terminated string. At least one\nsuch bug seems to be present in all currently used versions of Tor,\nand would allow an attacker to remotely crash most Tor instances,\nespecially those compiled with extra compiler hardening. With this\ndefense in place, such bugs can't crash Tor, though we should still\nfix them as they occur. Closes ticket 20384 (TROVE-2016-10-001).\"\n );\n # https://blog.torproject.org/blog/tor-0289-released-important-fixes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blog.torproject.org/tor-0289-released-important-fixes\"\n );\n # https://vuxml.freebsd.org/freebsd/c1dc55dc-9556-11e6-b154-3065ec8fd3ec.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4ab78fc6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tor-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"tor<0.2.8.9\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tor-devel<0.2.9.4-alpha\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["p-cpe:/a:freebsd:freebsd:tor-devel", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:tor"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-01-06T10:57:53", "differentElements": ["description", "modified", "patchPublicationDate", "solution", "vulnerabilityPublicationDate"], "edition": 6}, {"bulletin": {"id": "FREEBSD_PKG_C1DC55DC955611E6B1543065EC8FD3EC.NASL", "hash": "9828f6f7e6de798b64bab304d6c4bdab", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : Tor -- remote denial of service (c1dc55dc-9556-11e6-b154-3065ec8fd3ec)", "description": "The Tor Blog reports :\n\nPrevent a class of security bugs caused by treating the contents of a buffer chunk as if they were a NUL-terminated string. At least one such bug seems to be present in all currently used versions of Tor, and would allow an attacker to remotely crash most Tor instances, especially those compiled with extra compiler hardening. With this defense in place, such bugs can't crash Tor, though we should still fix them as they occur. Closes ticket 20384 (TROVE-2016-10-001).", "published": "2016-10-19T00:00:00", "modified": "2021-01-04T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/94127", "reporter": "This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?4ab78fc6", "https://blog.torproject.org/tor-0289-released-important-fixes"], "cvelist": [], "immutableFields": [], "lastseen": "2021-08-11T14:01:46", "history": [], "viewCount": 2, "enchantments": {"dependencies": {"references": [], "modified": "2021-08-11T14:01:46", "rev": 2}, "score": {"value": -0.5, "vector": "NONE", "modified": "2021-08-11T14:01:46", "rev": 2}}, "objectVersion": "1.6", "pluginID": "94127", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94127);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_name(english:\"FreeBSD : Tor -- remote denial of service (c1dc55dc-9556-11e6-b154-3065ec8fd3ec)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Tor Blog reports :\n\nPrevent a class of security bugs caused by treating the contents of a\nbuffer chunk as if they were a NUL-terminated string. At least one\nsuch bug seems to be present in all currently used versions of Tor,\nand would allow an attacker to remotely crash most Tor instances,\nespecially those compiled with extra compiler hardening. With this\ndefense in place, such bugs can't crash Tor, though we should still\nfix them as they occur. Closes ticket 20384 (TROVE-2016-10-001).\"\n );\n # https://blog.torproject.org/blog/tor-0289-released-important-fixes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blog.torproject.org/tor-0289-released-important-fixes\"\n );\n # https://vuxml.freebsd.org/freebsd/c1dc55dc-9556-11e6-b154-3065ec8fd3ec.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4ab78fc6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tor-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"tor<0.2.8.9\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tor-devel<0.2.9.4-alpha\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["p-cpe:/a:freebsd:freebsd:tor", "p-cpe:/a:freebsd:freebsd:tor-devel", "cpe:/o:freebsd:freebsd"], "solution": "Update the affected packages.", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2016-10-18T00:00:00", "vulnerabilityPublicationDate": "2016-10-17T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-11T14:01:46", "differentElements": ["nessusSeverity"], "edition": 7}], "viewCount": 2, "enchantments": {"dependencies": {"references": [], "modified": "2021-08-19T12:39:13", "rev": 2}, "score": {"value": -0.5, "vector": "NONE", "modified": "2021-08-19T12:39:13", "rev": 2}}, "objectVersion": "1.6", "pluginID": "94127", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94127);\n script_version(\"2.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_name(english:\"FreeBSD : Tor -- remote denial of service (c1dc55dc-9556-11e6-b154-3065ec8fd3ec)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Tor Blog reports :\n\nPrevent a class of security bugs caused by treating the contents of a\nbuffer chunk as if they were a NUL-terminated string. At least one\nsuch bug seems to be present in all currently used versions of Tor,\nand would allow an attacker to remotely crash most Tor instances,\nespecially those compiled with extra compiler hardening. With this\ndefense in place, such bugs can't crash Tor, though we should still\nfix them as they occur. Closes ticket 20384 (TROVE-2016-10-001).\"\n );\n # https://blog.torproject.org/blog/tor-0289-released-important-fixes\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://blog.torproject.org/tor-0289-released-important-fixes\"\n );\n # https://vuxml.freebsd.org/freebsd/c1dc55dc-9556-11e6-b154-3065ec8fd3ec.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4ab78fc6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tor-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/10/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"tor<0.2.8.9\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tor-devel<0.2.9.4-alpha\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["p-cpe:/a:freebsd:freebsd:tor", "p-cpe:/a:freebsd:freebsd:tor-devel", "cpe:/o:freebsd:freebsd"], "solution": "Update the affected packages.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2016-10-18T00:00:00", "vulnerabilityPublicationDate": "2016-10-17T00:00:00", "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}], "rst": [{"id": "RST:1B3F9853-1E49-30D7-A2D0-A7B6E64A6EED", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: http://111.17.186.194:20384/mozi.m", "description": "Found **http://111[.]17.186.194:20384/mozi.m** in [RST Threat Feed](https://rstcloud.net/profeed) with score **59**.\n First seen: 2021-08-27T03:00:00, Last seen: 2021-08-30T03:00:00.\n IOC tags: **malware**.\nIt was found that the IOC is used by: **mozi**.\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-08-31T00:00:00", "modified": "2021-08-27T00:00:00", "cvss": {}, "cvss2": {}, "cvss3": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "immutableFields": [], "type": "rst", "lastseen": "2021-08-30T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss2", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "1090139404e2ecca564e87ec6fe80e0f"}, {"key": "domain", "hash": "e984b95caaf7240eacf4fa44ea596b9e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "0ad7aff87eb9ee0e3a0818577d4fe54a"}, {"key": "iocType", "hash": "572d4e421e5e6b9bc11d815e8a027112"}, {"key": "ip", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "e2ec7307c22f5f9725c12cc22e668fd0"}, {"key": "published", "hash": "b7cab4456d24bbd3ba7a5ac80614bc22"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "13dea883b752e2629bfcc86e61e3a06c"}, {"key": "threat", "hash": "edfe9c7a43c9d0c627be2fb2f9d84a42"}, {"key": "title", "hash": "ddec8ea951f35e403d9eab21ca5fa2d8"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "bba482eafca1e428752b010056669be7"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "9c37aba52de80805168501b2710a427fd069aa821549fb97aa2dfb30fe5d18f3", "viewCount": 0, "enchantments": {}, "objectVersion": "1.6", "iocType": "url", "ip": [], "domain": ["http"], "url": ["http://111.17.186.194:20384/mozi.m"], "iocScore": {"ioc_frequency": 0.95, "ioc_src": 70.58, "ioc_tags": 0.89, "ioc_total": 59.0}, "tags": ["malware"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {}, "asn": {}, "threat": ["mozi"]}, {"id": "RST:E29E922F-188D-30C1-8EF6-31E4BD36D36F", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: http://111.17.186.194:20384/mozi.a", "description": "Found **http://111[.]17.186.194:20384/mozi.a** in [RST Threat Feed](https://rstcloud.net/profeed) with score **62**.\n First seen: 2021-08-30T03:00:00, Last seen: 2021-08-30T03:00:00.\n IOC tags: **malware**.\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-08-31T00:00:00", "modified": "2021-08-30T00:00:00", "cvss": {}, "cvss2": {}, "cvss3": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "immutableFields": [], "type": "rst", "lastseen": "2021-08-30T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss2", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "5f66d08ccd568a4f3dc136c57f016825"}, {"key": "domain", "hash": "e984b95caaf7240eacf4fa44ea596b9e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "bde304e81bd975ddc9da41422a39908f"}, {"key": "iocType", "hash": "572d4e421e5e6b9bc11d815e8a027112"}, {"key": "ip", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "e8f671c309171210df7afe64142d9f7f"}, {"key": "published", "hash": "b7cab4456d24bbd3ba7a5ac80614bc22"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "13dea883b752e2629bfcc86e61e3a06c"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "2fa3cdf406edc0ad8b0651baaffd39e4"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d1f79131364a75a9adfac0b01fc26036"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "b4ad2a99143dbc233f209966febc4b46d006c5d9905edee004a500c8cd0236d9", "viewCount": 0, "enchantments": {}, "objectVersion": "1.6", "iocType": "url", "ip": [], "domain": ["http"], "url": ["http://111.17.186.194:20384/mozi.a"], "iocScore": {"ioc_frequency": 1.0, "ioc_src": 70.58, "ioc_tags": 0.89, "ioc_total": 62.0}, "tags": ["malware"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {}, "asn": {}, "threat": []}, {"id": "RST:1541F191-9EBE-3B21-9108-A30511133CCA", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 45.136.187.63", "description": "Found **45[.]136.187.63** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **43**.\n First seen: 2021-01-24T03:00:00, Last seen: 2021-01-30T03:00:00.\n IOC tags: **shellprobe**.\nASN 138195: (First IP 45.136.184.0, Last IP 45.136.187.255).\nASN Name \"AS138195\" and Organisation \"\".\nASN hosts 20384 domains.\nGEO IP information: City \"\", Country \"Australia\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-01-31T00:00:00", "modified": "2021-01-24T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2021-01-30T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "1ecac453950270196fba0ef0550118bd"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "008dca15a1cbc11432700b9998736727"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "a307971ff3f81c55dc8070b45e7f25e5"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "4c75e65ebfe8736e10c7daac676adbe6"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "6fc13e9ab2e95e848724f9487ac6c7c5"}, {"key": "modified", "hash": "00fa6eeb419a3158fedbedd6830c38ad"}, {"key": "published", "hash": "2198e08de17fc9f380564f2bcc41b05f"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "7804d0d7c594283c7ef18b84e4339474"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "8ec5a4a619f521a943bd5b1d789d2823"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "94cde701d8d8b4e1a8135dc3a42cffb82200276f11a286202a848611496f6bb2", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["45.136.187.63"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.9, "ioc_src": 64.59, "ioc_tags": 0.75, "ioc_total": 43.0}, "tags": ["shellprobe"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "", "country": "Australia", "region": ""}, "asn": {"cloud": "", "domains": 20384, "firstip": {"netv4": "45.136.184.0", "num": "763934720"}, "isp": "AS138195", "lastip": {"netv4": "45.136.187.255", "num": "763935743"}, "num": 138195, "org": ""}, "threat": []}, {"id": "RST:98C2E757-CDE7-3079-999F-CDA0BBD67364", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 45.136.187.139", "description": "Found **45[.]136.187.139** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **42**.\n First seen: 2021-01-19T03:00:00, Last seen: 2021-01-26T03:00:00.\n IOC tags: **shellprobe**.\nASN 138195: (First IP 45.136.184.0, Last IP 45.136.187.255).\nASN Name \"AS138195\" and Organisation \"\".\nASN hosts 20384 domains.\nGEO IP information: City \"\", Country \"Netherlands\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-01-27T00:00:00", "modified": "2021-01-19T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2021-01-26T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "1ecac453950270196fba0ef0550118bd"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "91dc89e1a20bb8d53f6d6d72d5be7057"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "53e11448e864de6046f4bc8ba6159d10"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "84162e6659b0f7b40625001dcc05a7bd"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "993631f83e738c5a6b3ad8d198b4ad5e"}, {"key": "modified", "hash": "ae74da4ad810d21b5109625d9f6780fa"}, {"key": "published", "hash": "ad2319d65e4c049b5211882971059e74"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "7804d0d7c594283c7ef18b84e4339474"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "4f829d5b84331fe47ae3d833fa3e8333"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "98d0b58e0434188195c415e7feb37b8b633fc8cb045334601f642e99127a04b0", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["45.136.187.139"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.88, "ioc_src": 64.84, "ioc_tags": 0.75, "ioc_total": 42.0}, "tags": ["shellprobe"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "", "country": "Netherlands", "region": ""}, "asn": {"cloud": "", "domains": 20384, "firstip": {"netv4": "45.136.184.0", "num": "763934720"}, "isp": "AS138195", "lastip": {"netv4": "45.136.187.255", "num": "763935743"}, "num": 138195, "org": ""}, "threat": []}, {"id": "RST:AA9B7D70-BB5C-37D9-9C2E-13F7C30CE041", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 103.127.126.224", "description": "Found **103[.]127.126.224** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **43**.\n First seen: 2020-12-29T03:00:00, Last seen: 2020-12-31T03:00:00.\n IOC tags: **generic**.\nASN 138195: (First IP 103.127.124.0, Last IP 103.127.127.255).\nASN Name \"AS138195\" and Organisation \"\".\nASN hosts 20384 domains.\nGEO IP information: City \"\", Country \"South Korea\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-01-05T00:00:00", "modified": "2020-12-29T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2020-12-31T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "47d069f3d2f7ea2d3d1de8c736d1c61d"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "edb11ff91b9bb6b4fef5b20e848e522b"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "cee03bdb421877ad9ed272f3df0287fc"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "a94a8c3d6ebd7d1a0055243c1b699a59"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "4dda142258f10bd5428fc147c78c4c5c"}, {"key": "modified", "hash": "f848eb4396d0ab55c17a65e65cb17d0c"}, {"key": "published", "hash": "104521a976abf2e41bea083b8f5112f3"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "7dce142f032ed882ff4fb1f6e99e9e7e"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "795ec667a02fab3544575f988b8342868acd3420e92794488e5e7a8d5d22932c", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["103.127.126.224"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.96, "ioc_src": 56.12, "ioc_tags": 0.8, "ioc_total": 43.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "", "country": "South Korea", "region": ""}, "asn": {"cloud": "", "domains": 20384, "firstip": {"netv4": "103.127.124.0", "num": "1736408064"}, "isp": "AS138195", "lastip": {"netv4": "103.127.127.255", "num": "1736409087"}, "num": 138195, "org": ""}, "threat": []}, {"id": "RST:72C95F12-377D-319C-A9A4-EEB7FEB76E87", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 116.193.152.156", "description": "Found **116[.]193.152.156** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **37**.\n First seen: 2020-12-21T03:00:00, Last seen: 2020-12-31T03:00:00.\n IOC tags: **generic**.\nASN 138195: (First IP 116.193.152.0, Last IP 116.193.155.255).\nASN Name \"AS138195\" and Organisation \"\".\nASN hosts 20384 domains.\nGEO IP information: City \"\", Country \"China\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-01-05T00:00:00", "modified": "2020-12-21T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2020-12-31T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "95faaea1e72ff125b03d0700337441d4"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "0e817ae8d6ba7c48df7dea4e755ba619"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "d4d39cbddea89d9efaead4b13ade7753"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "8f374a6e0fb5180038434088b6765a18"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "1e7329df8af164d6b028889cc344cfd8"}, {"key": "modified", "hash": "ca83b56a697d4c8e5d6fda6b67f10ec4"}, {"key": "published", "hash": "104521a976abf2e41bea083b8f5112f3"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "25f5be6416d3c5faee86ca879e0c4390"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "3f18c267c8d619b533c3107009b789f503586d92c2def17762cf176727f5bb85", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["116.193.152.156"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 0.84, "ioc_src": 56.12, "ioc_tags": 0.8, "ioc_total": 37.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "", "country": "China", "region": ""}, "asn": {"cloud": "", "domains": 20384, "firstip": {"netv4": "116.193.152.0", "num": "1958844416"}, "isp": "AS138195", "lastip": {"netv4": "116.193.155.255", "num": "1958845439"}, "num": 138195, "org": ""}, "threat": []}, {"id": "RST:F7678594-60D4-3600-B156-C6125F82FA4F", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 199.59.5.11", "description": "Found **199[.]59.5.11** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **44**.\n First seen: 2020-12-21T03:00:00, Last seen: 2020-12-21T03:00:00.\n IOC tags: **generic**.\nASN 20384: (First IP 199.59.1.0, Last IP 199.59.5.255).\nASN Name \"NWLRBD\" and Organisation \"NewellRubbermaid Inc\".\nASN hosts 746 domains.\nGEO IP information: City \"\", Country \"United States\".\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2020-12-21T00:00:00", "modified": "2020-12-21T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2020-12-21T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "e41a63bcea1af7cdd84eaf679201c592"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "388e9c7e3aff0da0e87d1adb76989469"}, {"key": "domain", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "e1f48e147806d10e6da0f0d316330810"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "febab1a7b4eff09bcc383c80b69e1744"}, {"key": "iocType", "hash": "957b527bcfbad2e80f58d20683931435"}, {"key": "ip", "hash": "8edeab5402fc813e680245617e949dbc"}, {"key": "modified", "hash": "ca83b56a697d4c8e5d6fda6b67f10ec4"}, {"key": "published", "hash": "ca83b56a697d4c8e5d6fda6b67f10ec4"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "db34099e531f5ecc1dd7c5e13c35811a"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "b35d21ff922abac3385e5596e03d3bb8"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "d3330b43a9eba2501da2f2f5548a188316e8b46769ec7a90e6ba73914cef87ac", "viewCount": 0, "enchantments": {}, "objectVersion": "1.3", "iocType": "ip", "ip": ["199.59.5.11"], "domain": [], "url": [], "iocScore": {"ioc_frequency": 1.0, "ioc_src": 56.12, "ioc_tags": 0.8, "ioc_total": 44.0}, "tags": ["generic"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {"city": "", "country": "United States", "region": ""}, "asn": {"cloud": "", "domains": 746, "firstip": {"netv4": "199.59.1.0", "num": "3342532864"}, "isp": "NWLRBD", "lastip": {"netv4": "199.59.5.255", "num": "3342534143"}, "num": 20384, "org": "NewellRubbermaid Inc"}, "threat": []}], "cve": [{"bulletinFamily": "NVD", "hash": "6a0ace8cdb63863b470e6561269f441d83851201520bc6a55e7930a925c15e3a", "id": "CVE-2014-2595", "lastseen": "2021-04-22T23:44:08", "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "objectVersion": "1.5", "published": "2020-02-12T01:15:00", "cvelist": ["CVE-2014-2595"], "viewCount": 73, "modified": "2020-02-20T15:55:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "edition": 8, "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "history": [{"bulletin": {"affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-02-13T14:29:47", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}]}, "score": {"modified": "2020-02-13T14:29:47", "value": 6.9, "vector": "NONE"}}, "hash": "0d148bb322c927927cf5c8adaba4daf0d811bf2bee4917f93ca62ca2f942333e", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "23075837e6c728c8f0077b2ae5d5ee7f", "key": "modified"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-13T14:29:47", "modified": "2020-02-12T13:07:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 28}, "differentElements": ["cpe23", "cvss", "cvss2", "modified", "cpe", "cwe", "affectedSoftware"], "edition": 3, "lastseen": "2020-02-13T14:29:47"}, {"bulletin": {"affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-02-12T14:27:29", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}]}, "score": {"modified": "2020-02-12T14:27:29", "value": 6.9, "vector": "NONE"}}, "hash": "6ccf8f84237981876cda9914b348e4e11c8972875cdf630f59422732f1ea69ba", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "modified"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-12T14:27:29", "modified": "2020-02-12T01:15:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 28}, "differentElements": ["modified"], "edition": 2, "lastseen": "2020-02-12T14:27:29"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 6, "enchantments": {"dependencies": {"modified": "2020-10-03T12:01:15", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2020-10-03T12:01:15", "rev": 2, "value": 6.9, "vector": "NONE"}}, "extraReferences": [], "hash": "65fabd8c3b92ccbba797b3dfba517234b9e0e8bc2464531f2cd64047dd457870", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "0e66a595df2112e69adac8e55cbdb92d", "key": "cpeConfiguration"}, {"hash": "a97b191a26cb922c0b82d26c5f04f4db", "key": "affectedSoftware"}, {"hash": "ad35358d166de03a84a3a9280d95337a", "key": "cvss3"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-10-03T12:01:15", "modified": "2020-02-20T15:55:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 56}, "differentElements": ["extraReferences"], "edition": 6, "lastseen": "2020-10-03T12:01:15"}, {"bulletin": {"affectedSoftware": [{"name": "barracuda web_application_firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-02-21T13:06:26", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2020-02-21T13:06:26", "rev": 2, "value": 6.9, "vector": "NONE"}}, "hash": "4423bdd8d6936961112ee89e752cf7c866f443470052f4a4ac3529b4be6ae18f", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}, {"hash": "ee2d931efb4c4fa7a1a321df76c0b838", "key": "affectedSoftware"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-21T13:06:26", "modified": "2020-02-20T15:55:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 47}, "differentElements": ["cvss3", "affectedSoftware"], "edition": 4, "lastseen": "2020-02-21T13:06:26"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 7, "enchantments": {"dependencies": {"modified": "2021-02-02T06:14:28", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2021-02-02T06:14:28", "rev": 2, "value": 6.9, "vector": "NONE"}}, "extraReferences": [{"name": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004"}, {"name": "http://www.osvdb.org/109782", "refsource": "MISC", "tags": ["Broken Link"], "url": "http://www.osvdb.org/109782"}, {"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "refsource": "MISC", "tags": ["Broken Link"], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/"}, {"name": "https://www.exploit-db.com/exploits/39278", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/39278"}, {"name": "https://www.securityfocus.com/bid/69028", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.securityfocus.com/bid/69028"}, {"name": "http://seclists.org/fulldisclosure/2014/Aug/5", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List", "Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Aug/5"}], "hash": "d6e72c33ebf3accfe25046812d0b1e7698f2d37c9159defa7c7bda26e2ab359b", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "0e66a595df2112e69adac8e55cbdb92d", "key": "cpeConfiguration"}, {"hash": "a97b191a26cb922c0b82d26c5f04f4db", "key": "affectedSoftware"}, {"hash": "ad35358d166de03a84a3a9280d95337a", "key": "cvss3"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "073d5951cb97bd54baf9ef00e5950ef4", "key": "extraReferences"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "immutableFields": [], "lastseen": "2021-02-02T06:14:28", "modified": "2020-02-20T15:55:00", "objectVersion": "1.5", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 60}, "different_elements": ["cpeConfiguration"], "edition": 7, "lastseen": "2021-02-02T06:14:28"}], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "enchantments": {"dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13887", "SECURITYVULNS:DOC:31004"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:127740"]}, {"type": "exploitdb", "idList": ["EDB-ID:39278"]}], "modified": "2021-04-22T23:44:08", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2021-04-22T23:44:08", "rev": 2}}, "type": "cve", "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "a97b191a26cb922c0b82d26c5f04f4db"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "832b9c21b4589969549f63eb0724398c"}, {"key": "cpe23", "hash": "405ecfc0fb244283a2773863614145bf"}, {"key": "cpeConfiguration", "hash": "238f536d7ccbcb60d24ab76ed2548b8b"}, {"key": "cvelist", "hash": "afd8c4a8002c25596504fc1efc107886"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "e63509ce8b627fb239a5a63969122026"}, {"key": "cvss3", "hash": "ad35358d166de03a84a3a9280d95337a"}, {"key": "cwe", "hash": "86870277fcb3e3e121fe9e4f1f7c2b51"}, {"key": "description", "hash": "584cd9e6927eaaa814c6545414f09911"}, {"key": "extraReferences", "hash": "073d5951cb97bd54baf9ef00e5950ef4"}, {"key": "href", "hash": "756bd44ad36e62b951b7a08611cbd3f5"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "92ee34fefd5301ff6ccb77b813c8d4f8"}, {"key": "published", "hash": "6c607768196e3786ab17cb3a6e516cad"}, {"key": "references", "hash": "cf46dbeffc0c7dc51130bcd388b4459a"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "bc7f8fc71017e1124d57947313af5643"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "scheme": null, "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cwe": ["CWE-613"], "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004"}, {"name": "http://www.osvdb.org/109782", "refsource": "MISC", "tags": ["Broken Link"], "url": "http://www.osvdb.org/109782"}, {"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "refsource": "MISC", "tags": ["Broken Link"], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/"}, {"name": "https://www.exploit-db.com/exploits/39278", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/39278"}, {"name": "https://www.securityfocus.com/bid/69028", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.securityfocus.com/bid/69028"}, {"name": "http://seclists.org/fulldisclosure/2014/Aug/5", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List", "Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Aug/5"}], "immutableFields": []}, {"id": "CVE-2019-20384", "bulletinFamily": "NVD", "title": "CVE-2019-20384", "description": "Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners.", "published": "2020-01-21T00:15:00", "modified": "2021-07-21T11:39:00", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20384", "reporter": "cve@mitre.org", "references": ["https://bugs.gentoo.org/692492", "http://www.openwall.com/lists/oss-security/2020/01/21/1"], "cvelist": ["CVE-2019-20384"], "type": "cve", "lastseen": "2021-08-04T17:15:24", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "gentoo:portage", "name": "gentoo portage", "operator": "le", "version": "2.3.84"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:gentoo:portage:2.3.84"], "cpe23": ["cpe:2.3:a:gentoo:portage:2.3.84:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:gentoo:portage:2.3.84:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.3.84", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2019-20384"], "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "cwe": ["CWE-281"], "description": "Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners.", "edition": 10, "enchantments": {"dependencies": {"modified": "2021-07-22T08:54:27", "references": [], "rev": 2}, "score": {"modified": "2021-07-22T08:54:27", "rev": 2, "value": 3.5, "vector": "NONE"}}, "extraReferences": [{"name": "[oss-security] 20200121 CVE-2019-20384: Portage insecure temporary location", "refsource": "MLIST", "tags": ["Third Party Advisory", "Mailing List", "Exploit"], "url": "http://www.openwall.com/lists/oss-security/2020/01/21/1"}, {"name": "https://bugs.gentoo.org/692492", "refsource": "MISC", "tags": ["Vendor Advisory", "Exploit", "Issue Tracking"], "url": "https://bugs.gentoo.org/692492"}], "hash": "af6648f27293d139a6a16a6bc9e99b289247ef4b199a1c30b3f286ca8797cf90", "hashmap": [{"hash": "1d7434c8d75dc1d7a9cdbeadb4f8bfc8", "key": "extraReferences"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "fc5473fae1d3bb585abdd2e9c1078527", "key": "description"}, {"hash": "a65ff41cbd9ded9daf34945825bb17f5", "key": "cwe"}, {"hash": "68092ab9a0c8a72c04c57a987454229f", "key": "cpeConfiguration"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "212a711d991550b25a013cdf14d9b754", "key": "affectedSoftware"}, {"hash": "d45e3450770bf31d415b9bac4ce5b7b6", "key": "cvss2"}, {"hash": "f1f4273c3a96e778e2faa277c6f51a8a", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "56c9be9bf1dc14b82acf296e632cf52b", "key": "cpe"}, {"hash": "17e70f50527a49b4899469454ef60058", "key": "cvss"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6d4297d07b3ee5cdba3b4ea027d97f08", "key": "cvss3"}, {"hash": "f0e455aa9964a7906b1afd158154e5b1", "key": "href"}, {"hash": "5295b32ceeb9be4d75c234966cde462e", "key": "cpe23"}, {"hash": "982a15cfc23e8632d3a6a1fe5d2ae575", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "af4b89a6275ed5e2d8f19dcea347dee6", "key": "cvelist"}, {"hash": "183798fce373747341ba2f32f8021ac7", "key": "modified"}, {"hash": "9a39a2734c5e2022cad8bc56c8087647", "key": "references"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20384", "id": "CVE-2019-20384", "immutableFields": [], "lastseen": "2021-07-22T08:54:27", "modified": "2021-07-21T11:39:00", "objectVersion": "1.5", "published": "2020-01-21T00:15:00", "references": ["https://bugs.gentoo.org/692492", "http://www.openwall.com/lists/oss-security/2020/01/21/1"], "reporter": "cve@mitre.org", "title": "CVE-2019-20384", "type": "cve", "viewCount": 31}, "different_elements": ["cwe"], "edition": 10, "lastseen": "2021-07-22T08:54:27"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "gentoo:portage", "name": "gentoo portage", "operator": "le", "version": "2.3.84"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:gentoo:portage:2.3.84"], "cpe23": ["cpe:2.3:a:gentoo:portage:2.3.84:*:*:*:*:*:*:*"], "cpeConfiguration": {}, "cvelist": ["CVE-2019-20384"], "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "cwe": ["CWE-281"], "description": "Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-09-21T14:54:34", "references": [], "rev": 2}, "score": {"modified": "2020-09-21T14:54:34", "rev": 2, "value": 3.5, "vector": "NONE"}}, "hash": "d3f713031c09e7eadaefd4a3134f749f36f323f2da69d847bfb427b193dc14ad", "hashmap": [{"hash": "fc5473fae1d3bb585abdd2e9c1078527", "key": "description"}, {"hash": "a65ff41cbd9ded9daf34945825bb17f5", "key": "cwe"}, {"hash": "8c8adb2fb1c21a0105e50adb87f46ef2", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "212a711d991550b25a013cdf14d9b754", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "d45e3450770bf31d415b9bac4ce5b7b6", "key": "cvss2"}, {"hash": "f1f4273c3a96e778e2faa277c6f51a8a", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "56c9be9bf1dc14b82acf296e632cf52b", "key": "cpe"}, {"hash": "17e70f50527a49b4899469454ef60058", "key": "cvss"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6d4297d07b3ee5cdba3b4ea027d97f08", "key": "cvss3"}, {"hash": "f0e455aa9964a7906b1afd158154e5b1", "key": "href"}, {"hash": "5295b32ceeb9be4d75c234966cde462e", "key": "cpe23"}, {"hash": "982a15cfc23e8632d3a6a1fe5d2ae575", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "af4b89a6275ed5e2d8f19dcea347dee6", "key": "cvelist"}, {"hash": "9a39a2734c5e2022cad8bc56c8087647", "key": "references"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20384", "id": "CVE-2019-20384", "lastseen": "2020-09-21T14:54:34", "modified": "2020-01-29T17:15:00", "objectVersion": "1.3", "published": "2020-01-21T00:15:00", "references": ["https://bugs.gentoo.org/692492", "http://www.openwall.com/lists/oss-security/2020/01/21/1"], "reporter": "cve@mitre.org", "title": "CVE-2019-20384", "type": "cve", "viewCount": 26}, "differentElements": ["cpeConfiguration"], "edition": 4, "lastseen": "2020-09-21T14:54:34"}, {"bulletin": {"affectedSoftware": [{"name": "gentoo portage", "operator": "le", "version": "2.3.84"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cvelist": ["CVE-2019-20384"], "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-281"], "description": "Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-01-30T13:24:16", "references": [], "rev": 2}, "score": {"modified": "2020-01-30T13:24:16", "rev": 2, "value": 3.5, "vector": "NONE"}}, "hash": "7408421ba3794a9361a9f27ee95caf87b8a7e07dfa08f75c5d175be636491d2f", "hashmap": [{"hash": "fc5473fae1d3bb585abdd2e9c1078527", "key": "description"}, {"hash": "a65ff41cbd9ded9daf34945825bb17f5", "key": "cwe"}, {"hash": "8c8adb2fb1c21a0105e50adb87f46ef2", "key": "modified"}, {"hash": "50973920cfe2930d6a87118088f017ef", "key": "affectedSoftware"}, {"hash": "d45e3450770bf31d415b9bac4ce5b7b6", "key": "cvss2"}, {"hash": "f1f4273c3a96e778e2faa277c6f51a8a", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "17e70f50527a49b4899469454ef60058", "key": "cvss"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f0e455aa9964a7906b1afd158154e5b1", "key": "href"}, {"hash": "982a15cfc23e8632d3a6a1fe5d2ae575", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "af4b89a6275ed5e2d8f19dcea347dee6", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "9a39a2734c5e2022cad8bc56c8087647", "key": "references"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20384", "id": "CVE-2019-20384", "lastseen": "2020-01-30T13:24:16", "modified": "2020-01-29T17:15:00", "objectVersion": "1.3", "published": "2020-01-21T00:15:00", "references": ["https://bugs.gentoo.org/692492", "http://www.openwall.com/lists/oss-security/2020/01/21/1"], "reporter": "cve@mitre.org", "title": "CVE-2019-20384", "type": "cve", "viewCount": 26}, "differentElements": ["cpe23", "cvss3", "cpe", "affectedSoftware"], "edition": 3, "lastseen": "2020-01-30T13:24:16"}, {"bulletin": {"affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cvelist": ["CVE-2019-20384"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-01-22T13:26:06", "references": []}, "score": {"modified": "2020-01-22T13:26:06", "value": 3.5, "vector": "NONE"}}, "hash": "8bf17f0c85904241c9bbd614aeffc3d69c6d1a8c7136e6b2e36b10f490394227", "hashmap": [{"hash": "fc5473fae1d3bb585abdd2e9c1078527", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "f1f4273c3a96e778e2faa277c6f51a8a", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f0e455aa9964a7906b1afd158154e5b1", "key": "href"}, {"hash": "40ef0fa218ca5287f0a64cf9a7f1c9bf", "key": "modified"}, {"hash": "982a15cfc23e8632d3a6a1fe5d2ae575", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "af4b89a6275ed5e2d8f19dcea347dee6", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "9a39a2734c5e2022cad8bc56c8087647", "key": "references"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20384", "id": "CVE-2019-20384", "lastseen": "2020-01-22T13:26:06", "modified": "2020-01-21T13:19:00", "objectVersion": "1.3", "published": "2020-01-21T00:15:00", "references": ["https://bugs.gentoo.org/692492", "http://www.openwall.com/lists/oss-security/2020/01/21/1"], "reporter": "cve@mitre.org", "title": "CVE-2019-20384", "type": "cve", "viewCount": 25}, "differentElements": ["cvss", "cvss2", "modified", "cwe", "affectedSoftware"], "edition": 2, "lastseen": "2020-01-22T13:26:06"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "gentoo:portage", "name": "gentoo portage", "operator": "le", "version": "*"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:gentoo:portage:2.3.84"], "cpe23": ["cpe:2.3:a:gentoo:portage:2.3.84:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:gentoo:portage:2.3.84:*:*:*:*:*:*:*", "versionEndIncluding": "2.3.84", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2019-20384"], "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "cwe": ["CWE-281"], "description": "Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners.", "edition": 6, "enchantments": {"dependencies": {"modified": "2020-11-30T02:08:04", "references": [], "rev": 2}, "score": {"modified": "2020-11-30T02:08:04", "rev": 2, "value": 3.5, "vector": "NONE"}}, "hash": "2a75f59a3f3e29ad1bbac00ce910b5dfde1f60f85eabfdcda640ef9910b80da9", "hashmap": [{"hash": "fc5473fae1d3bb585abdd2e9c1078527", "key": "description"}, {"hash": "a65ff41cbd9ded9daf34945825bb17f5", "key": "cwe"}, {"hash": "8c8adb2fb1c21a0105e50adb87f46ef2", "key": "modified"}, {"hash": "6d883308c51423454d7feb455a8d5851", "key": "cpeConfiguration"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "d45e3450770bf31d415b9bac4ce5b7b6", "key": "cvss2"}, {"hash": "f1f4273c3a96e778e2faa277c6f51a8a", "key": "title"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "56c9be9bf1dc14b82acf296e632cf52b", "key": "cpe"}, {"hash": "17e70f50527a49b4899469454ef60058", "key": "cvss"}, {"hash": "728919f0dc29fdb7094342f6d91d9a32", "key": "affectedSoftware"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6d4297d07b3ee5cdba3b4ea027d97f08", "key": "cvss3"}, {"hash": "f0e455aa9964a7906b1afd158154e5b1", "key": "href"}, {"hash": "5295b32ceeb9be4d75c234966cde462e", "key": "cpe23"}, {"hash": "982a15cfc23e8632d3a6a1fe5d2ae575", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "af4b89a6275ed5e2d8f19dcea347dee6", "key": "cvelist"}, {"hash": "9a39a2734c5e2022cad8bc56c8087647", "key": "references"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20384", "id": "CVE-2019-20384", "lastseen": "2020-11-30T02:08:04", "modified": "2020-01-29T17:15:00", "objectVersion": "1.3", "published": "2020-01-21T00:15:00", "references": ["https://bugs.gentoo.org/692492", "http://www.openwall.com/lists/oss-security/2020/01/21/1"], "reporter": "cve@mitre.org", "title": "CVE-2019-20384", "type": "cve", "viewCount": 27}, "differentElements": ["affectedSoftware"], "edition": 6, "lastseen": "2020-11-30T02:08:04"}], "edition": 11, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "212a711d991550b25a013cdf14d9b754"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "56c9be9bf1dc14b82acf296e632cf52b"}, {"key": "cpe23", "hash": "5295b32ceeb9be4d75c234966cde462e"}, {"key": "cpeConfiguration", "hash": "68092ab9a0c8a72c04c57a987454229f"}, {"key": "cvelist", "hash": "af4b89a6275ed5e2d8f19dcea347dee6"}, {"key": "cvss", "hash": "17e70f50527a49b4899469454ef60058"}, {"key": "cvss2", "hash": "d45e3450770bf31d415b9bac4ce5b7b6"}, {"key": "cvss3", "hash": "6d4297d07b3ee5cdba3b4ea027d97f08"}, {"key": "cwe", "hash": "951f4add04f53cc6083a6504c511794b"}, {"key": "description", "hash": "fc5473fae1d3bb585abdd2e9c1078527"}, {"key": "extraReferences", "hash": "1d7434c8d75dc1d7a9cdbeadb4f8bfc8"}, {"key": "href", "hash": "f0e455aa9964a7906b1afd158154e5b1"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "183798fce373747341ba2f32f8021ac7"}, {"key": "published", "hash": "982a15cfc23e8632d3a6a1fe5d2ae575"}, {"key": "references", "hash": "9a39a2734c5e2022cad8bc56c8087647"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "f1f4273c3a96e778e2faa277c6f51a8a"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "d707bf69db83e4f571d5147d640fe4ac7ae28bba4a78b18778a610ac319745d8", "viewCount": 33, "enchantments": {"dependencies": {"references": [], "modified": "2021-08-04T17:15:24", "rev": 2}, "score": {"value": 3.5, "vector": "NONE", "modified": "2021-08-04T17:15:24", "rev": 2}}, "objectVersion": "1.6", "cpe": ["cpe:/a:gentoo:portage:2.3.84"], "affectedSoftware": [{"cpeName": "gentoo:portage", "name": "gentoo portage", "operator": "le", "version": "2.3.84"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "cpe23": ["cpe:2.3:a:gentoo:portage:2.3.84:*:*:*:*:*:*:*"], "cwe": ["CWE-362"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:gentoo:portage:2.3.84:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.3.84", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "[oss-security] 20200121 CVE-2019-20384: Portage insecure temporary location", "refsource": "MLIST", "tags": ["Third Party Advisory", "Mailing List", "Exploit"], "url": "http://www.openwall.com/lists/oss-security/2020/01/21/1"}, {"name": "https://bugs.gentoo.org/692492", "refsource": "MISC", "tags": ["Vendor Advisory", "Exploit", "Issue Tracking"], "url": "https://bugs.gentoo.org/692492"}], "immutableFields": []}, {"id": "CVE-2008-7273", "bulletinFamily": "NVD", "title": "CVE-2008-7273", "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "published": "2019-11-18T22:15:00", "modified": "2019-11-20T15:56:00", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "reporter": "cve@mitre.org", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "cvelist": ["CVE-2008-7273"], "type": "cve", "lastseen": "2021-04-21T20:41:43", "history": [{"bulletin": {"affectedSoftware": [{"name": "getfiregpg iceweasel-firegpg", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:getfiregpg:iceweasel-firegpg:-"], "cpe23": [], "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 3, "enchantments": {"dependencies": {"modified": "2019-12-18T13:57:06", "references": [], "rev": 2}, "score": {"modified": "2019-12-18T13:57:06", "rev": 2, "value": 1.2, "vector": "NONE"}}, "hash": "d61e8c253c1f5d35ed5977532afcfe58d323a03057be4323e8c19bd7bed39d26", "hashmap": [{"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "3e1e24cf5fed13b85f5534cb239a1044", "key": "cpe"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "4464888dd8ea79b7344278e86594f061", "key": "affectedSoftware"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2019-12-18T13:57:06", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 62}, "differentElements": ["cvss3", "cpe", "affectedSoftware"], "edition": 3, "lastseen": "2019-12-18T13:57:06"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-09-21T13:59:22", "references": [], "rev": 2}, "score": {"modified": "2020-09-21T13:59:22", "rev": 2, "value": 1.2, "vector": "NONE"}}, "hash": "557fd4cb813bf4897b5fdca93f953d2fe22dd9fed46f9a924ed2d03719983a4f", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2020-09-21T13:59:22", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 62}, "differentElements": ["cpeConfiguration"], "edition": 4, "lastseen": "2020-09-21T13:59:22"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 7, "enchantments": {"dependencies": {"modified": "2020-12-09T19:28:28", "references": [], "rev": 2}, "score": {"modified": "2020-12-09T19:28:28", "rev": 2, "value": 1.2, "vector": "NONE"}}, "extraReferences": [], "hash": "3f2537e658f4240fe6f7df8e451ce685d2ca8ba79fbda529c1842e690c507e37", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "451ac74d9ed8923574ac49d27fa22411", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2020-12-09T19:28:28", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 76}, "differentElements": ["extraReferences"], "edition": 7, "lastseen": "2020-12-09T19:28:28"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 5, "enchantments": {"dependencies": {"modified": "2020-10-03T11:51:06", "references": [], "rev": 2}, "score": {"modified": "2020-10-03T11:51:06", "rev": 2, "value": 1.2, "vector": "NONE"}}, "hash": "3f49259ae0555553bcbf3433a53f5984d6de287f6d865e78b449bda3b88b8ea7", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "451ac74d9ed8923574ac49d27fa22411", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2020-10-03T11:51:06", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 72}, "differentElements": ["affectedSoftware"], "edition": 5, "lastseen": "2020-10-03T11:51:06"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 8, "enchantments": {"dependencies": {"modified": "2021-02-02T05:35:21", "references": [], "rev": 2}, "score": {"modified": "2021-02-02T05:35:21", "rev": 2, "value": 1.2, "vector": "NONE"}}, "extraReferences": [{"name": "https://www.openwall.com/lists/oss-security/2011/01/14/2", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2011/01/14/2"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://security-tracker.debian.org/tracker/CVE-2008-7273", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7273"}], "hash": "5b731cb69531a1a4f440c98e6086aef32b59d25a21b3e795f6d21cdd0acb5966", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "85fdbb6779c8f53457b03e4617cac1fd", "key": "extraReferences"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "451ac74d9ed8923574ac49d27fa22411", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "immutableFields": [], "lastseen": "2021-02-02T05:35:21", "modified": "2019-11-20T15:56:00", "objectVersion": "1.5", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 78}, "different_elements": ["cpeConfiguration"], "edition": 8, "lastseen": "2021-02-02T05:35:21"}], "edition": 9, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "2323c5f10ea99bff6a3fd88adbf7723c"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "b37293c28011cded7e6cea212cc908fa"}, {"key": "cvelist", "hash": "9c6958cd5dd022a438c0a93346bb7717"}, {"key": "cvss", "hash": "6f6410364e4cee78bd47ed1fc3d8dd5b"}, {"key": "cvss2", "hash": "a6adb76bd2d2e833d4aee455da4b36c3"}, {"key": "cvss3", "hash": "beb519effad5780952ea4ce1697a49ad"}, {"key": "cwe", "hash": "c92f044c94e4360fec268c45081f3bc6"}, {"key": "description", "hash": "f427291f843f1948956af8f0777cb86f"}, {"key": "extraReferences", "hash": "85fdbb6779c8f53457b03e4617cac1fd"}, {"key": "href", "hash": "b066b40875680d07f9f9912048360029"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "368a4092894f1320c5eb8d6f1746c872"}, {"key": "published", "hash": "d1c394bb6e6939e65900ac8652bcb35f"}, {"key": "references", "hash": "d613e2c86955266b0d3e0b9be74eae16"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "5a3d95049ed4485340188fd46566963d"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "d695debc34a1657f10acd9dd2989cff4ec01e7bd03c81d546ca7db279f9ade48", "viewCount": 85, "enchantments": {"dependencies": {"references": [], "modified": "2021-04-21T20:41:43", "rev": 2}, "score": {"value": 1.2, "vector": "NONE", "modified": "2021-04-21T20:41:43", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cpe23": [], "cwe": ["CWE-59"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://www.openwall.com/lists/oss-security/2011/01/14/2", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2011/01/14/2"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://security-tracker.debian.org/tracker/CVE-2008-7273", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7273"}], "immutableFields": []}, {"id": "CVE-2008-7272", "bulletinFamily": "NVD", "title": "CVE-2008-7272", "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "published": "2019-11-08T00:15:00", "modified": "2020-02-10T21:16:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "reporter": "cve@mitre.org", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "cvelist": ["CVE-2008-7272"], "type": "cve", "lastseen": "2021-04-21T20:41:43", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-09-21T13:59:22", "references": [], "rev": 2}, "score": {"modified": "2020-09-21T13:59:22", "rev": 2, "value": 2.4, "vector": "NONE"}}, "hash": "f6701a04d3477e440e72324b648d7646a2f9466e07e83e341707bb314aec84a0", "hashmap": [{"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "a0acab3127efc281e78e28b6a414532c", "key": "affectedSoftware"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2020-09-21T13:59:22", "modified": "2020-02-10T21:16:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 10}, "differentElements": ["cpeConfiguration"], "edition": 4, "lastseen": "2020-09-21T13:59:22"}, {"bulletin": {"affectedSoftware": [{"name": "getfiregpg firegpg", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:getfiregpg:firegpg:-"], "cpe23": [], "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-02-11T14:25:16", "references": [], "rev": 2}, "score": {"modified": "2020-02-11T14:25:16", "rev": 2, "value": 2.4, "vector": "NONE"}}, "hash": "a5439a88032d0d96d6b3b175c5bb2652a08a5ac9dd8565abd675e989e312c52e", "hashmap": [{"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "c78a0c9b48c95bd2d49fb402de9ce674", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "d2db9f7acf8121ca4d72b70e2934db08", "key": "affectedSoftware"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2020-02-11T14:25:16", "modified": "2020-02-10T21:16:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 10}, "differentElements": ["cvss3", "cpe", "affectedSoftware"], "edition": 3, "lastseen": "2020-02-11T14:25:16"}, {"bulletin": {"affectedSoftware": [{"name": "getfiregpg firegpg", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:getfiregpg:firegpg:-"], "cpe23": [], "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user?s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users?s private key.", "edition": 2, "enchantments": {"dependencies": {"modified": "2019-11-15T19:55:37", "references": []}, "score": {"modified": "2019-11-15T19:55:37", "value": 2.4, "vector": "NONE"}}, "hash": "05a389bab8cb239109f07a53e4f0a9c76cc24d31548b23dfad15c1385b48f5a5", "hashmap": [{"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "b0552313c96be75e9ec1c10adb56b096", "key": "modified"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "240c2c1dd6f5cc5cbeb07774547c6c2b", "key": "description"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "c78a0c9b48c95bd2d49fb402de9ce674", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "d2db9f7acf8121ca4d72b70e2934db08", "key": "affectedSoftware"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2019-11-15T19:55:37", "modified": "2019-11-14T14:28:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 2}, "differentElements": ["description", "modified"], "edition": 2, "lastseen": "2019-11-15T19:55:37"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:firegpg:0.6:*:*:*:*:firefox:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 8, "enchantments": {"dependencies": {"modified": "2021-02-02T05:35:21", "references": [], "rev": 2}, "score": {"modified": "2021-02-02T05:35:21", "rev": 2, "value": 2.4, "vector": "NONE"}}, "extraReferences": [{"name": "https://security-tracker.debian.org/tracker/CVE-2008-7272", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7272"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "refsource": "MISC", "tags": ["Third Party Advisory", "Issue Tracking"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386"}], "hash": "feff88852d5f44ef4f736cb629de97022a0e3f23b99e0deec3d9ee5daaa7d8df", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "4847e3110691b6a6a4c7664c0f127f70", "key": "extraReferences"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "675695b80d1f3d2196a77047e1ceba64", "key": "cpeConfiguration"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "a0acab3127efc281e78e28b6a414532c", "key": "affectedSoftware"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "immutableFields": [], "lastseen": "2021-02-02T05:35:21", "modified": "2020-02-10T21:16:00", "objectVersion": "1.5", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 19}, "different_elements": ["cpeConfiguration"], "edition": 8, "lastseen": "2021-02-02T05:35:21"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "*"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:firegpg:0.6:*:*:*:*:firefox:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 6, "enchantments": {"dependencies": {"modified": "2020-11-29T22:56:16", "references": [], "rev": 2}, "score": {"modified": "2020-11-29T22:56:16", "rev": 2, "value": 2.4, "vector": "NONE"}}, "hash": "20ae55db346f6babbeac989b07a5b26e855e45e42cfda6773d64bbcb84e4ef79", "hashmap": [{"hash": "d647e62c83e294ffd6f56a7c761beece", "key": "affectedSoftware"}, {"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "675695b80d1f3d2196a77047e1ceba64", "key": "cpeConfiguration"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2020-11-29T22:56:16", "modified": "2020-02-10T21:16:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 15}, "differentElements": ["affectedSoftware"], "edition": 6, "lastseen": "2020-11-29T22:56:16"}], "edition": 9, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "a0acab3127efc281e78e28b6a414532c"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "77e03828e2d6f83f8fa932acfe8daff3"}, {"key": "cvelist", "hash": "767e67f900c3effb5b550959d21fb12e"}, {"key": "cvss", "hash": "a89198c45ce87f7ec9735a085150b708"}, {"key": "cvss2", "hash": "9bc143c7676b7e5a3fd9537d7507310b"}, {"key": "cvss3", "hash": "cd391b15e7a01ae2bbfcca256d89bfb8"}, {"key": "cwe", "hash": "92c16862fafe4d9eb26185434339836e"}, {"key": "description", "hash": "95669953499c0eb40b242611dfbe75d4"}, {"key": "extraReferences", "hash": "4847e3110691b6a6a4c7664c0f127f70"}, {"key": "href", "hash": "9258b012e591cc93a7c6b0cd1b5c6b05"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "3c75b36a7f1966a251dbe6148b866f97"}, {"key": "published", "hash": "1162e82aa1c980ee7ebee4af4c99369c"}, {"key": "references", "hash": "54b0c94164bf625d039c58f14cd4c116"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "5db042f8057f3f288fe9cd4213121eb2"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "f34f5d089606f7d870ccc28642bf61f774619d905673726848fc15f3a6590575", "viewCount": 25, "enchantments": {"dependencies": {"references": [], "modified": "2021-04-21T20:41:43", "rev": 2}, "score": {"value": 2.4, "vector": "NONE", "modified": "2021-04-21T20:41:43", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "0.6"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cpe23": [], "cwe": ["CWE-312"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:firegpg:0.6:*:*:*:*:firefox:*:*", "cpe_name": [], "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://security-tracker.debian.org/tracker/CVE-2008-7272", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7272"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "refsource": "MISC", "tags": ["Third Party Advisory", "Issue Tracking"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386"}], "immutableFields": []}, {"id": "CVE-2015-9286", "bulletinFamily": "NVD", "title": "CVE-2015-9286", "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "published": "2019-04-30T14:29:00", "modified": "2019-05-01T14:22:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "reporter": "cve@mitre.org", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "cvelist": ["CVE-2015-9286"], "type": "cve", "lastseen": "2021-04-22T23:51:50", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 6, "enchantments": {"dependencies": {"modified": "2021-02-02T06:21:32", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2021-02-02T06:21:32", "rev": 2, "value": 1.4, "vector": "NONE"}}, "extraReferences": [{"name": "https://github.com/NodeBB/NodeBB/pull/3371", "refsource": "MISC", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/NodeBB/NodeBB/pull/3371"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"}, {"name": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "refsource": "MISC", "tags": ["Third Party Advisory", "Release Notes"], "url": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529"}, {"name": "https://www.vulnerability-lab.com/get_content.php?id=1608", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.vulnerability-lab.com/get_content.php?id=1608"}], "hash": "e0413d958386f6534538918bca2249dcc4f383174e07b3bfd828fd87bab2fae7", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "db8254901fea804d4d910fc508c1be32", "key": "extraReferences"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "immutableFields": [], "lastseen": "2021-02-02T06:21:32", "modified": "2019-05-01T14:22:00", "objectVersion": "1.5", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 10}, "different_elements": ["cpeConfiguration"], "edition": 6, "lastseen": "2021-02-02T06:21:32"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-09-21T14:09:33", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-09-21T14:09:33", "rev": 2, "value": 1.4, "vector": "NONE"}}, "hash": "e856f7b9491cefcc50723678fc0433f12f7c6ae1abe16d206957fd00f74aa6e1", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-09-21T14:09:33", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 4}, "differentElements": ["cpeConfiguration"], "edition": 2, "lastseen": "2020-09-21T14:09:33"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 5, "enchantments": {"dependencies": {"modified": "2020-12-09T20:03:10", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-12-09T20:03:10", "rev": 2, "value": 1.4, "vector": "NONE"}}, "extraReferences": [], "hash": "48b94d9acf0e692c61f3d939f819f0ddba91180b8a5c7286e7edbacc4207d0ed", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-12-09T20:03:10", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 6}, "differentElements": ["extraReferences"], "edition": 5, "lastseen": "2020-12-09T20:03:10"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "*"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-11-30T00:13:43", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-11-30T00:13:43", "rev": 2, "value": 1.4, "vector": "NONE"}}, "hash": "6fe52c24d63e23f00822e673ee4063d867fb4719b46c47ea85a6bfe1400fe129", "hashmap": [{"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "71d5df73a226d76c990527e0ca95c8d8", "key": "affectedSoftware"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-11-30T00:13:43", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 5}, "differentElements": ["affectedSoftware"], "edition": 4, "lastseen": "2020-11-30T00:13:43"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-10-03T12:49:59", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-10-03T12:49:59", "rev": 2, "value": 1.4, "vector": "NONE"}}, "hash": "a933ff7201764471adcb8ac53cabee44c82a081f537a97f7fcd01cbed62795ec", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-10-03T12:49:59", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 5}, "differentElements": ["affectedSoftware"], "edition": 3, "lastseen": "2020-10-03T12:49:59"}], "edition": 7, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "cabb6b89504f33d4cae5fb66665d6372"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "f9e1afb4d3a36011638be68c9582e6b5"}, {"key": "cvelist", "hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "cvss2", "hash": "4419eb17de947d4d6b67ac07ed8d9064"}, {"key": "cvss3", "hash": "f9048d548aea2a33f8c8fe44e8c9817c"}, {"key": "cwe", "hash": "34e69e045b64924bccf865d56b6918a2"}, {"key": "description", "hash": "7bcda725e0fe4634bd741d18870efc86"}, {"key": "extraReferences", "hash": "db8254901fea804d4d910fc508c1be32"}, {"key": "href", "hash": "0ac6deaa5a07331e3db4762cb458fde6"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "8e5a048329755897094215f117301c63"}, {"key": "published", "hash": "4d53af7f522025f16113d72d1dd86a79"}, {"key": "references", "hash": "dac3bc07a427ceea0c7680630fcafbdf"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "6e87bbaab34c901324df8e163b451120"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "6e9080b6a871ad58f0d05298373de4fe9c9158a2d86ff7f1a34e720d353d3e7b", "viewCount": 14, "enchantments": {"dependencies": {"references": [{"type": "github", "idList": ["GHSA-72FV-QGJ6-2W2P"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32625"]}], "modified": "2021-04-22T23:51:50", "rev": 2}, "score": {"value": 1.4, "vector": "NONE", "modified": "2021-04-22T23:51:50", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cpe23": [], "cwe": ["CWE-79"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://github.com/NodeBB/NodeBB/pull/3371", "refsource": "MISC", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/NodeBB/NodeBB/pull/3371"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"}, {"name": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "refsource": "MISC", "tags": ["Third Party Advisory", "Release Notes"], "url": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529"}, {"name": "https://www.vulnerability-lab.com/get_content.php?id=1608", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.vulnerability-lab.com/get_content.php?id=1608"}], "immutableFields": []}, {"id": "CVE-2018-20384", "bulletinFamily": "NVD", "title": "CVE-2018-20384", "description": "iNovo Broadband IB-8120-W21 139.4410mp1.004200.002 and IB-8120-W21E1 139.4410mp1.3921132mp1.899.004404.004 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.", "published": "2018-12-23T21:29:00", "modified": "2019-10-03T00:03:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20384", "reporter": "cve@mitre.org", "references": ["https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html", "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv"], "cvelist": ["CVE-2018-20384"], "type": "cve", "lastseen": "2021-04-23T00:24:23", "history": [{"bulletin": {"affectedSoftware": [{"name": "inovobb ib-8120-w21e1_firmware", "operator": "eq", "version": "139.4410mp1.3921132mp1.899.004404.004"}, {"name": "inovobb ib-8120-w21_firmware", "operator": "eq", "version": "139.4410mp1.004200.002"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:inovobb:ib-8120-w21_firmware:139.4410mp1.004200.002", "cpe:/a:inovobb:ib-8120-w21e1_firmware:139.4410mp1.3921132mp1.899.004404.004"], "cpe23": [], "cvelist": ["CVE-2018-20384"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-255"], "description": "iNovo Broadband IB-8120-W21 139.4410mp1.004200.002 and IB-8120-W21E1 139.4410mp1.3921132mp1.899.004404.004 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.", "edition": 1, "enchantments": {"dependencies": {"modified": "2019-05-29T18:20:03", "references": []}, "score": {"modified": "2019-05-29T18:20:03", "value": 6.1, "vector": "NONE"}}, "hash": "c7c3547c795babb226aebd6872df3df68726a3a25ce3a31006ea6a752962a91a", "hashmap": [{"hash": "524214dd6771e58016160bd2e801d9cd", "key": "cvelist"}, {"hash": "27f23d65080af3399d7605f2dce673e8", "key": "affectedSoftware"}, {"hash": "48cec8f43ff700f672081508fe3d5099", "key": "cvss3"}, {"hash": "f8495c398973820d95efd211ba3b21f7", "key": "published"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "c948eed563eb7454f90cdd12c49e648e", "key": "references"}, {"hash": "04d85b6122a19f0fe25b92ac6af16596", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "cc03f0f13c5b7a13cd38f730cca5a70f", "key": "cwe"}, {"hash": "6979b5d6a2830683c7f8e69b97463fe3", "key": "cpe"}, {"hash": "7318c87b7402a4eca0e0d4ab0b59e536", "key": "title"}, {"hash": "03c9a9b9ed6e06df7e7629c03e20fed8", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "ab29dc011325faaa223772f2ab2be8eb", "key": "modified"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20384", "id": "CVE-2018-20384", "lastseen": "2019-05-29T18:20:03", "modified": "2019-01-15T18:44:00", "objectVersion": "1.3", "published": "2018-12-23T21:29:00", "references": ["https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html", "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv"], "reporter": "cve@mitre.org", "title": "CVE-2018-20384", "type": "cve", "viewCount": 0}, "differentElements": ["modified", "cwe"], "edition": 1, "lastseen": "2019-05-29T18:20:03"}, {"bulletin": {"affectedConfiguration": [{"cpeName": "inovobb:ib-8120-w21e1", "name": "inovobb ib-8120-w21e1", "operator": "eq", "version": "1.0"}, {"cpeName": "inovobb:ib-8120-w21", "name": "inovobb ib-8120-w21", "operator": "eq", "version": "1.0"}], "affectedSoftware": [{"cpeName": "inovobb:ib-8120-w21_firmware", "name": "inovobb ib-8120-w21 firmware", "operator": "eq", "version": "139.4410mp1.004200.002"}, {"cpeName": "inovobb:ib-8120-w21e1_firmware", "name": "inovobb ib-8120-w21e1 firmware", "operator": "eq", "version": "139.4410mp1.3921132mp1.899.004404.004"}], "bulletinFamily": "NVD", "cpe": ["cpe:/o:inovobb:ib-8120-w21_firmware:139.4410mp1.004200.002", "cpe:/o:inovobb:ib-8120-w21e1_firmware:139.4410mp1.3921132mp1.899.004404.004"], "cpe23": ["cpe:2.3:o:inovobb:ib-8120-w21e1_firmware:139.4410mp1.3921132mp1.899.004404.004:*:*:*:*:*:*:*", "cpe:2.3:o:inovobb:ib-8120-w21_firmware:139.4410mp1.004200.002:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:inovobb:ib-8120-w21_firmware:139.4410mp1.004200.002:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:h:inovobb:ib-8120-w21:1.0:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:inovobb:ib-8120-w21e1:1.0:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:inovobb:ib-8120-w21e1_firmware:139.4410mp1.3921132mp1.899.004404.004:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}]}, "cvelist": ["CVE-2018-20384"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-522"], "description": "iNovo Broadband IB-8120-W21 139.4410mp1.004200.002 and IB-8120-W21E1 139.4410mp1.3921132mp1.899.004404.004 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.", "edition": 5, "enchantments": {"dependencies": {"modified": "2021-02-02T06:52:34", "references": [], "rev": 2}, "score": {"modified": "2021-02-02T06:52:34", "rev": 2, "value": 6.1, "vector": "NONE"}}, "extraReferences": [{"name": "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv"}, {"name": "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html"}], "hash": "3c298d3048f41b30e9cf873695e83cd8cb2e1d145bda9bcaa836487546f2baec", "hashmap": [{"hash": "524214dd6771e58016160bd2e801d9cd", "key": "cvelist"}, {"hash": "48cec8f43ff700f672081508fe3d5099", "key": "cvss3"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "f8495c398973820d95efd211ba3b21f7", "key": "published"}, {"hash": "c9094addab7fcb8a6ac592fa3e698b15", "key": "extraReferences"}, {"hash": "8660c84b0ac7acc49d7022d4c9e0f4c2", "key": "cpe"}, {"hash": "891fc2e822ca790696af3d28c9ab454e", "key": "affectedConfiguration"}, {"hash": "f37ed5c063ff34cbdff29e3ba603cdc6", "key": "affectedSoftware"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "f858dd9823d509cd3db7e9fc7af11c43", "key": "cpe23"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "f7ac4ba389f0aab1dc156d4e798ad96c", "key": "cpeConfiguration"}, {"hash": "c948eed563eb7454f90cdd12c49e648e", "key": "references"}, {"hash": "04d85b6122a19f0fe25b92ac6af16596", "key": "description"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "7318c87b7402a4eca0e0d4ab0b59e536", "key": "title"}, {"hash": "03c9a9b9ed6e06df7e7629c03e20fed8", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9344c965846bb06da675a02b44a17299", "key": "cwe"}, {"hash": "1f0cc7832f07ee78350b613e89af69f8", "key": "modified"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20384", "id": "CVE-2018-20384", "immutableFields": [], "lastseen": "2021-02-02T06:52:34", "modified": "2019-10-03T00:03:00", "objectVersion": "1.5", "published": "2018-12-23T21:29:00", "references": ["https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html", "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv"], "reporter": "cve@mitre.org", "title": "CVE-2018-20384", "type": "cve", "viewCount": 8}, "different_elements": ["cpeConfiguration"], "edition": 5, "lastseen": "2021-02-02T06:52:34"}, {"bulletin": {"affectedConfiguration": [{"cpeName": "inovobb:ib-8120-w21e1", "name": "inovobb ib-8120-w21e1", "operator": "eq", "version": "1.0"}, {"cpeName": "inovobb:ib-8120-w21", "name": "inovobb ib-8120-w21", "operator": "eq", "version": "1.0"}], "affectedSoftware": [{"cpeName": "inovobb:ib-8120-w21_firmware", "name": "inovobb ib-8120-w21 firmware", "operator": "eq", "version": "139.4410mp1.004200.002"}, {"cpeName": "inovobb:ib-8120-w21e1_firmware", "name": "inovobb ib-8120-w21e1 firmware", "operator": "eq", "version": "139.4410mp1.3921132mp1.899.004404.004"}], "bulletinFamily": "NVD", "cpe": ["cpe:/o:inovobb:ib-8120-w21_firmware:139.4410mp1.004200.002", "cpe:/o:inovobb:ib-8120-w21e1_firmware:139.4410mp1.3921132mp1.899.004404.004"], "cpe23": ["cpe:2.3:o:inovobb:ib-8120-w21e1_firmware:139.4410mp1.3921132mp1.899.004404.004:*:*:*:*:*:*:*", "cpe:2.3:o:inovobb:ib-8120-w21_firmware:139.4410mp1.004200.002:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:inovobb:ib-8120-w21_firmware:139.4410mp1.004200.002:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:h:inovobb:ib-8120-w21:1.0:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:inovobb:ib-8120-w21e1:1.0:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:inovobb:ib-8120-w21e1_firmware:139.4410mp1.3921132mp1.899.004404.004:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}]}, "cvelist": ["CVE-2018-20384"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-522"], "description": "iNovo Broadband IB-8120-W21 139.4410mp1.004200.002 and IB-8120-W21E1 139.4410mp1.3921132mp1.899.004404.004 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-10-03T13:20:18", "references": [], "rev": 2}, "score": {"modified": "2020-10-03T13:20:18", "rev": 2, "value": 6.1, "vector": "NONE"}}, "extraReferences": [], "hash": "a99225297889c9289c76cbc607cd5f7b06de8a23224a5d912d221f48c589df74", "hashmap": [{"hash": "524214dd6771e58016160bd2e801d9cd", "key": "cvelist"}, {"hash": "48cec8f43ff700f672081508fe3d5099", "key": "cvss3"}, {"hash": "f8495c398973820d95efd211ba3b21f7", "key": "published"}, {"hash": "8660c84b0ac7acc49d7022d4c9e0f4c2", "key": "cpe"}, {"hash": "891fc2e822ca790696af3d28c9ab454e", "key": "affectedConfiguration"}, {"hash": "f37ed5c063ff34cbdff29e3ba603cdc6", "key": "affectedSoftware"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "f858dd9823d509cd3db7e9fc7af11c43", "key": "cpe23"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "f7ac4ba389f0aab1dc156d4e798ad96c", "key": "cpeConfiguration"}, {"hash": "c948eed563eb7454f90cdd12c49e648e", "key": "references"}, {"hash": "04d85b6122a19f0fe25b92ac6af16596", "key": "description"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "7318c87b7402a4eca0e0d4ab0b59e536", "key": "title"}, {"hash": "03c9a9b9ed6e06df7e7629c03e20fed8", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9344c965846bb06da675a02b44a17299", "key": "cwe"}, {"hash": "1f0cc7832f07ee78350b613e89af69f8", "key": "modified"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20384", "id": "CVE-2018-20384", "lastseen": "2020-10-03T13:20:18", "modified": "2019-10-03T00:03:00", "objectVersion": "1.3", "published": "2018-12-23T21:29:00", "references": ["https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html", "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv"], "reporter": "cve@mitre.org", "title": "CVE-2018-20384", "type": "cve", "viewCount": 5}, "differentElements": ["extraReferences"], "edition": 4, "lastseen": "2020-10-03T13:20:18"}, {"bulletin": {"affectedSoftware": [{"name": "inovobb ib-8120-w21e1_firmware", "operator": "eq", "version": "139.4410mp1.3921132mp1.899.004404.004"}, {"name": "inovobb ib-8120-w21_firmware", "operator": "eq", "version": "139.4410mp1.004200.002"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:inovobb:ib-8120-w21_firmware:139.4410mp1.004200.002", "cpe:/a:inovobb:ib-8120-w21e1_firmware:139.4410mp1.3921132mp1.899.004404.004"], "cpe23": [], "cvelist": ["CVE-2018-20384"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-522"], "description": "iNovo Broadband IB-8120-W21 139.4410mp1.004200.002 and IB-8120-W21E1 139.4410mp1.3921132mp1.899.004404.004 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.", "edition": 2, "enchantments": {"dependencies": {"modified": "2019-10-04T12:26:16", "references": [], "rev": 2}, "score": {"modified": "2019-10-04T12:26:16", "rev": 2, "value": 6.1, "vector": "NONE"}}, "hash": "76350ed951f5cb9814da0fc7588b4154483f7529931ba8aa2850335a4732c4b1", "hashmap": [{"hash": "524214dd6771e58016160bd2e801d9cd", "key": "cvelist"}, {"hash": "27f23d65080af3399d7605f2dce673e8", "key": "affectedSoftware"}, {"hash": "48cec8f43ff700f672081508fe3d5099", "key": "cvss3"}, {"hash": "f8495c398973820d95efd211ba3b21f7", "key": "published"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "c948eed563eb7454f90cdd12c49e648e", "key": "references"}, {"hash": "04d85b6122a19f0fe25b92ac6af16596", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6979b5d6a2830683c7f8e69b97463fe3", "key": "cpe"}, {"hash": "7318c87b7402a4eca0e0d4ab0b59e536", "key": "title"}, {"hash": "03c9a9b9ed6e06df7e7629c03e20fed8", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9344c965846bb06da675a02b44a17299", "key": "cwe"}, {"hash": "1f0cc7832f07ee78350b613e89af69f8", "key": "modified"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20384", "id": "CVE-2018-20384", "lastseen": "2019-10-04T12:26:16", "modified": "2019-10-03T00:03:00", "objectVersion": "1.3", "published": "2018-12-23T21:29:00", "references": ["https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html", "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv"], "reporter": "cve@mitre.org", "title": "CVE-2018-20384", "type": "cve", "viewCount": 4}, "differentElements": ["cpe23", "cpe", "affectedSoftware"], "edition": 2, "lastseen": "2019-10-04T12:26:16"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "inovobb:ib-8120-w21_firmware", "name": "inovobb ib-8120-w21 firmware", "operator": "eq", "version": "139.4410mp1.004200.002"}, {"cpeName": "inovobb:ib-8120-w21e1_firmware", "name": "inovobb ib-8120-w21e1 firmware", "operator": "eq", "version": "139.4410mp1.3921132mp1.899.004404.004"}], "bulletinFamily": "NVD", "cpe": ["cpe:/o:inovobb:ib-8120-w21_firmware:139.4410mp1.004200.002", "cpe:/o:inovobb:ib-8120-w21e1_firmware:139.4410mp1.3921132mp1.899.004404.004"], "cpe23": ["cpe:2.3:o:inovobb:ib-8120-w21e1_firmware:139.4410mp1.3921132mp1.899.004404.004:*:*:*:*:*:*:*", "cpe:2.3:o:inovobb:ib-8120-w21_firmware:139.4410mp1.004200.002:*:*:*:*:*:*:*"], "cpeConfiguration": {}, "cvelist": ["CVE-2018-20384"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-522"], "description": "iNovo Broadband IB-8120-W21 139.4410mp1.004200.002 and IB-8120-W21E1 139.4410mp1.3921132mp1.899.004404.004 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-09-21T14:29:02", "references": [], "rev": 2}, "score": {"modified": "2020-09-21T14:29:02", "rev": 2, "value": 6.1, "vector": "NONE"}}, "hash": "13ce336f778362e3c3cf3cb36802a5de5c7380e3001702edab17084be9517afb", "hashmap": [{"hash": "524214dd6771e58016160bd2e801d9cd", "key": "cvelist"}, {"hash": "48cec8f43ff700f672081508fe3d5099", "key": "cvss3"}, {"hash": "f8495c398973820d95efd211ba3b21f7", "key": "published"}, {"hash": "8660c84b0ac7acc49d7022d4c9e0f4c2", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "f37ed5c063ff34cbdff29e3ba603cdc6", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "f858dd9823d509cd3db7e9fc7af11c43", "key": "cpe23"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "c948eed563eb7454f90cdd12c49e648e", "key": "references"}, {"hash": "04d85b6122a19f0fe25b92ac6af16596", "key": "description"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "7318c87b7402a4eca0e0d4ab0b59e536", "key": "title"}, {"hash": "03c9a9b9ed6e06df7e7629c03e20fed8", "key": "href"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9344c965846bb06da675a02b44a17299", "key": "cwe"}, {"hash": "1f0cc7832f07ee78350b613e89af69f8", "key": "modified"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20384", "id": "CVE-2018-20384", "lastseen": "2020-09-21T14:29:02", "modified": "2019-10-03T00:03:00", "objectVersion": "1.3", "published": "2018-12-23T21:29:00", "references": ["https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html", "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv"], "reporter": "cve@mitre.org", "title": "CVE-2018-20384", "type": "cve", "viewCount": 4}, "differentElements": ["affectedConfiguration", "cpeConfiguration"], "edition": 3, "lastseen": "2020-09-21T14:29:02"}], "edition": 6, "hashmap": [{"key": "affectedConfiguration", "hash": "891fc2e822ca790696af3d28c9ab454e"}, {"key": "affectedSoftware", "hash": "f37ed5c063ff34cbdff29e3ba603cdc6"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "8660c84b0ac7acc49d7022d4c9e0f4c2"}, {"key": "cpe23", "hash": "f858dd9823d509cd3db7e9fc7af11c43"}, {"key": "cpeConfiguration", "hash": "95aafb290a4b764d8b356a9ed55ccb24"}, {"key": "cvelist", "hash": "524214dd6771e58016160bd2e801d9cd"}, {"key": "cvss", "hash": "a89198c45ce87f7ec9735a085150b708"}, {"key": "cvss2", "hash": "9bc143c7676b7e5a3fd9537d7507310b"}, {"key": "cvss3", "hash": "48cec8f43ff700f672081508fe3d5099"}, {"key": "cwe", "hash": "9344c965846bb06da675a02b44a17299"}, {"key": "description", "hash": "04d85b6122a19f0fe25b92ac6af16596"}, {"key": "extraReferences", "hash": "c9094addab7fcb8a6ac592fa3e698b15"}, {"key": "href", "hash": "03c9a9b9ed6e06df7e7629c03e20fed8"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "1f0cc7832f07ee78350b613e89af69f8"}, {"key": "published", "hash": "f8495c398973820d95efd211ba3b21f7"}, {"key": "references", "hash": "c948eed563eb7454f90cdd12c49e648e"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "7318c87b7402a4eca0e0d4ab0b59e536"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "cfe8499abea38940c8a8fff391168d33bd1ddc1275fc91ca0b3403d384930e25", "viewCount": 11, "enchantments": {"dependencies": {"references": [], "modified": "2021-04-23T00:24:23", "rev": 2}, "score": {"value": 6.1, "vector": "NONE", "modified": "2021-04-23T00:24:23", "rev": 2}}, "objectVersion": "1.5", "cpe": ["cpe:/o:inovobb:ib-8120-w21_firmware:139.4410mp1.004200.002", "cpe:/o:inovobb:ib-8120-w21e1_firmware:139.4410mp1.3921132mp1.899.004404.004"], "affectedSoftware": [{"cpeName": "inovobb:ib-8120-w21_firmware", "name": "inovobb ib-8120-w21 firmware", "operator": "eq", "version": "139.4410mp1.004200.002"}, {"cpeName": "inovobb:ib-8120-w21e1_firmware", "name": "inovobb ib-8120-w21e1 firmware", "operator": "eq", "version": "139.4410mp1.3921132mp1.899.004404.004"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cpe23": ["cpe:2.3:o:inovobb:ib-8120-w21e1_firmware:139.4410mp1.3921132mp1.899.004404.004:*:*:*:*:*:*:*", "cpe:2.3:o:inovobb:ib-8120-w21_firmware:139.4410mp1.004200.002:*:*:*:*:*:*:*"], "cwe": ["CWE-522"], "scheme": null, "affectedConfiguration": [{"cpeName": "inovobb:ib-8120-w21e1", "name": "inovobb ib-8120-w21e1", "operator": "eq", "version": "1.0"}, {"cpeName": "inovobb:ib-8120-w21", "name": "inovobb ib-8120-w21", "operator": "eq", "version": "1.0"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:inovobb:ib-8120-w21e1_firmware:139.4410mp1.3921132mp1.899.004404.004:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:inovobb:ib-8120-w21e1:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}, {"children": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:inovobb:ib-8120-w21_firmware:139.4410mp1.004200.002:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:h:inovobb:ib-8120-w21:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}], "operator": "OR"}], "cpe_match": [], "operator": "AND"}]}, "extraReferences": [{"name": "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv"}, {"name": "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html"}], "immutableFields": []}, {"id": "CVE-2016-8860", "bulletinFamily": "NVD", "title": "CVE-2016-8860", "description": "Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote attackers to cause a denial of service (client, hidden service, relay, or authority crash) via crafted data.", "published": "2017-01-04T20:59:00", "modified": "2017-07-01T01:30:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8860", "reporter": "cve@mitre.org", "references": ["https://github.com/torproject/tor/commit/3cea86eb2fbb65949673eb4ba8ebb695c87a57ce", "https://security.gentoo.org/glsa/201612-45", "http://openwall.com/lists/oss-security/2016/10/19/11", "http://www.securityfocus.com/bid/95116", "https://blog.torproject.org/blog/tor-0289-released-important-fixes", "https://trac.torproject.org/projects/tor/ticket/20384", "http://www.debian.org/security/2016/dsa-3694"], "cvelist": ["CVE-2016-8860"], "type": "cve", "lastseen": "2021-04-22T23:58:53", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "torproject:tor", "name": "torproject tor", "operator": "eq", "version": "0.2.9.3"}, {"cpeName": "torproject:tor", "name": "torproject tor", "operator": "eq", "version": "0.2.9.0"}, {"cpeName": "torproject:tor", "name": "torproject tor", "operator": "le", "version": "0.2.8.8"}, {"cpeName": "torproject:tor", "name": "torproject tor", "operator": "eq", "version": "0.2.9.2"}, {"cpeName": "torproject:tor", "name": "torproject tor", "operator": "eq", "version": "0.2.9.1"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:torproject:tor:0.2.9.3", "cpe:/a:torproject:tor:0.2.8.8", "cpe:/a:torproject:tor:0.2.9.1", "cpe:/a:torproject:tor:0.2.9.0", "cpe:/a:torproject:tor:0.2.9.2"], "cpe23": ["cpe:2.3:a:torproject:tor:0.2.9.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.9.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.9.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.9.0:alpha:*:*:*:*:*:*"], "cpeConfiguration": {}, "cvelist": ["CVE-2016-8860"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-119"], "description": "Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote attackers to cause a denial of service (client, hidden service, relay, or authority crash) via crafted data.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-09-21T14:24:37", "references": [{"idList": ["FEDORA_2016-3B6393ACDD.NASL", "FEDORA_2016-59316CF667.NASL", "FEDORA_2016-E56ED6F472.NASL", "GENTOO_GLSA-201612-45.NASL", "DEBIAN_DSA-3694.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:1361412562310810140", "OPENVAS:1361412562310872034", "OPENVAS:1361412562310810152", "OPENVAS:1361412562310703694"], "type": "openvas"}, {"idList": ["PACKETSTORM:143369"], "type": "packetstorm"}, {"idList": ["GLSA-201612-45"], "type": "gentoo"}], "rev": 2}, "score": {"modified": "2020-09-21T14:24:37", "rev": 2, "value": 4.7, "vector": "NONE"}}, "hash": "e602f218386ce6d5bacd42b4c28a749e1e27495785ac95896e5b8513d1090f17", "hashmap": [{"hash": "4d1a1321bdee8128f64eb7017d09514c", "key": "cpe"}, {"hash": "8a5c38d288d0c51a885f357eb1d27300", "key": "title"}, {"hash": "5b8afb2a452072b128fb21163b6779af", "key": "description"}, {"hash": "526a0b58c26d0720095567eb8a169d54", "key": "cpe23"}, {"hash": "b5cef30da83f9b368c6b3bb523042642", "key": "cvss3"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "bb61a0949f8c36262500079f243672e2", "key": "cwe"}, {"hash": "9c31d6354449877a8e8d18f038ab2885", "key": "references"}, {"hash": "9cd58a649c5a2e0983867844b2777cd7", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "ed119d53bc22517c2dd75bc029dd5ed3", "key": "modified"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "090691d4dc3c7f71542b6e868b89d5d3", "key": "affectedSoftware"}, {"hash": "85fc9715d07b57d9e72056856b007c7b", "key": "cvss2"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "41b62a8aa1ee5c40897717cadc30784a", "key": "cvss"}, {"hash": "ff5a6b4a51f2010ac7009f47c0483002", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "cf5877ac1d6c3d593464bf80165c5f9a", "key": "published"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8860", "id": "CVE-2016-8860", "lastseen": "2020-09-21T14:24:37", "modified": "2017-07-01T01:30:00", "objectVersion": "1.3", "published": "2017-01-04T20:59:00", "references": ["https://github.com/torproject/tor/commit/3cea86eb2fbb65949673eb4ba8ebb695c87a57ce", "https://security.gentoo.org/glsa/201612-45", "http://openwall.com/lists/oss-security/2016/10/19/11", "http://www.securityfocus.com/bid/95116", "https://blog.torproject.org/blog/tor-0289-released-important-fixes", "https://trac.torproject.org/projects/tor/ticket/20384", "http://www.debian.org/security/2016/dsa-3694"], "reporter": "cve@mitre.org", "title": "CVE-2016-8860", "type": "cve", "viewCount": 1}, "differentElements": ["cpeConfiguration"], "edition": 2, "lastseen": "2020-09-21T14:24:37"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "torproject:tor", "name": "torproject tor", "operator": "eq", "version": "0.2.9.3"}, {"cpeName": "torproject:tor", "name": "torproject tor", "operator": "eq", "version": "0.2.9.0"}, {"cpeName": "torproject:tor", "name": "torproject tor", "operator": "le", "version": "0.2.8.8"}, {"cpeName": "torproject:tor", "name": "torproject tor", "operator": "eq", "version": "0.2.9.2"}, {"cpeName": "torproject:tor", "name": "torproject tor", "operator": "eq", "version": "0.2.9.1"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:torproject:tor:0.2.9.3", "cpe:/a:torproject:tor:0.2.8.8", "cpe:/a:torproject:tor:0.2.9.1", "cpe:/a:torproject:tor:0.2.9.0", "cpe:/a:torproject:tor:0.2.9.2"], "cpe23": ["cpe:2.3:a:torproject:tor:0.2.9.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.9.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.9.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.9.0:alpha:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.9.1:alpha:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.9.2:alpha:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.9.0:alpha:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.9.3:alpha:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.8.8:*:*:*:*:*:*:*", "versionEndIncluding": "0.2.8.8", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2016-8860"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-119"], "description": "Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote attackers to cause a denial of service (client, hidden service, relay, or authority crash) via crafted data.", "edition": 6, "enchantments": {"dependencies": {"modified": "2021-02-02T06:28:13", "references": [{"idList": ["FEDORA_2016-3B6393ACDD.NASL", "FEDORA_2016-59316CF667.NASL", "FEDORA_2016-E56ED6F472.NASL", "GENTOO_GLSA-201612-45.NASL", "DEBIAN_DSA-3694.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:1361412562310810140", "OPENVAS:1361412562310872034", "OPENVAS:1361412562310810152", "OPENVAS:1361412562310703694"], "type": "openvas"}, {"idList": ["PACKETSTORM:143369"], "type": "packetstorm"}, {"idList": ["FEDORA:9629D6076293", "FEDORA:90B8360170F1", "FEDORA:46FDC608793D"], "type": "fedora"}, {"idList": ["GLSA-201612-45"], "type": "gentoo"}], "rev": 2}, "score": {"modified": "2021-02-02T06:28:13", "rev": 2, "value": 4.7, "vector": "NONE"}}, "extraReferences": [{"name": "[oss-security] 20161019 Re: CVE request for tor", "refsource": "MLIST", "tags": ["Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2016/10/19/11"}, {"name": "95116", "refsource": "BID", "tags": [], "url": "http://www.securityfocus.com/bid/95116"}, {"name": "https://github.com/torproject/tor/commit/3cea86eb2fbb65949673eb4ba8ebb695c87a57ce", "refsource": "CONFIRM", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/torproject/tor/commit/3cea86eb2fbb65949673eb4ba8ebb695c87a57ce"}, {"name": "GLSA-201612-45", "refsource": "GENTOO", "tags": [], "url": "https://security.gentoo.org/glsa/201612-45"}, {"name": "DSA-3694", "refsource": "DEBIAN", "tags": [], "url": "http://www.debian.org/security/2016/dsa-3694"}, {"name": "https://trac.torproject.org/projects/tor/ticket/20384", "refsource": "CONFIRM", "tags": ["Vendor Advisory"], "url": "https://trac.torproject.org/projects/tor/ticket/20384"}, {"name": "https://blog.torproject.org/blog/tor-0289-released-important-fixes", "refsource": "CONFIRM", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://blog.torproject.org/blog/tor-0289-released-important-fixes"}], "hash": "11133ad6818ba23be609a89dc562723b4d7672cd5e054a28cc625a3ff1c6986c", "hashmap": [{"hash": "4d1a1321bdee8128f64eb7017d09514c", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "8a5c38d288d0c51a885f357eb1d27300", "key": "title"}, {"hash": "5b8afb2a452072b128fb21163b6779af", "key": "description"}, {"hash": "526a0b58c26d0720095567eb8a169d54", "key": "cpe23"}, {"hash": "430d51d067b1c75895f5c4c7502ed1c3", "key": "extraReferences"}, {"hash": "b5cef30da83f9b368c6b3bb523042642", "key": "cvss3"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b26a1030885a872c2c06f386e9533ab9", "key": "cpeConfiguration"}, {"hash": "bb61a0949f8c36262500079f243672e2", "key": "cwe"}, {"hash": "9c31d6354449877a8e8d18f038ab2885", "key": "references"}, {"hash": "9cd58a649c5a2e0983867844b2777cd7", "key": "cvelist"}, {"hash": "ed119d53bc22517c2dd75bc029dd5ed3", "key": "modified"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "090691d4dc3c7f71542b6e868b89d5d3", "key": "affectedSoftware"}, {"hash": "85fc9715d07b57d9e72056856b007c7b", "key": "cvss2"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "41b62a8aa1ee5c40897717cadc30784a", "key": "cvss"}, {"hash": "ff5a6b4a51f2010ac7009f47c0483002", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "cf5877ac1d6c3d593464bf80165c5f9a", "key": "published"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8860", "id": "CVE-2016-8860", "immutableFields": [], "lastseen": "2021-02-02T06:28:13", "modified": "2017-07-01T01:30:00", "objectVersion": "1.5", "published": "2017-01-04T20:59:00", "references": ["https://github.com/torproject/tor/commit/3cea86eb2fbb65949673eb4ba8ebb695c87a57ce", "https://security.gentoo.org/glsa/201612-45", "http://openwall.com/lists/oss-security/2016/10/19/11", "http://www.securityfocus.com/bid/95116", "https://blog.torproject.org/blog/tor-0289-released-important-fixes", "https://trac.torproject.org/projects/tor/ticket/20384", "http://www.debian.org/security/2016/dsa-3694"], "reporter": "cve@mitre.org", "title": "CVE-2016-8860", "type": "cve", "viewCount": 4}, "different_elements": ["cpeConfiguration"], "edition": 6, "lastseen": "2021-02-02T06:28:13"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "torproject:tor", "name": "torproject tor", "operator": "eq", "version": "0.2.9.3"}, {"cpeName": "torproject:tor", "name": "torproject tor", "operator": "eq", "version": "0.2.9.0"}, {"cpeName": "torproject:tor", "name": "torproject tor", "operator": "le", "version": "0.2.8.8"}, {"cpeName": "torproject:tor", "name": "torproject tor", "operator": "eq", "version": "0.2.9.2"}, {"cpeName": "torproject:tor", "name": "torproject tor", "operator": "eq", "version": "0.2.9.1"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:torproject:tor:0.2.9.3", "cpe:/a:torproject:tor:0.2.8.8", "cpe:/a:torproject:tor:0.2.9.1", "cpe:/a:torproject:tor:0.2.9.0", "cpe:/a:torproject:tor:0.2.9.2"], "cpe23": ["cpe:2.3:a:torproject:tor:0.2.9.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.9.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.9.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.9.0:alpha:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.9.1:alpha:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.9.2:alpha:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.9.0:alpha:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.9.3:alpha:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.8.8:*:*:*:*:*:*:*", "versionEndIncluding": "0.2.8.8", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2016-8860"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-119"], "description": "Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote attackers to cause a denial of service (client, hidden service, relay, or authority crash) via crafted data.", "edition": 5, "enchantments": {"dependencies": {"modified": "2020-12-09T20:07:43", "references": [{"idList": ["FEDORA_2016-3B6393ACDD.NASL", "FEDORA_2016-59316CF667.NASL", "FEDORA_2016-E56ED6F472.NASL", "GENTOO_GLSA-201612-45.NASL", "DEBIAN_DSA-3694.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:1361412562310810140", "OPENVAS:1361412562310872034", "OPENVAS:1361412562310810152", "OPENVAS:1361412562310703694"], "type": "openvas"}, {"idList": ["PACKETSTORM:143369"], "type": "packetstorm"}, {"idList": ["FEDORA:9629D6076293", "FEDORA:90B8360170F1", "FEDORA:46FDC608793D"], "type": "fedora"}, {"idList": ["GLSA-201612-45"], "type": "gentoo"}], "rev": 2}, "score": {"modified": "2020-12-09T20:07:43", "rev": 2, "value": 4.7, "vector": "NONE"}}, "extraReferences": [], "hash": "c7a0e4f686c87c450f1682f6362d743a84f197ab0738bce89f283888f710f7fd", "hashmap": [{"hash": "4d1a1321bdee8128f64eb7017d09514c", "key": "cpe"}, {"hash": "8a5c38d288d0c51a885f357eb1d27300", "key": "title"}, {"hash": "5b8afb2a452072b128fb21163b6779af", "key": "description"}, {"hash": "526a0b58c26d0720095567eb8a169d54", "key": "cpe23"}, {"hash": "b5cef30da83f9b368c6b3bb523042642", "key": "cvss3"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b26a1030885a872c2c06f386e9533ab9", "key": "cpeConfiguration"}, {"hash": "bb61a0949f8c36262500079f243672e2", "key": "cwe"}, {"hash": "9c31d6354449877a8e8d18f038ab2885", "key": "references"}, {"hash": "9cd58a649c5a2e0983867844b2777cd7", "key": "cvelist"}, {"hash": "ed119d53bc22517c2dd75bc029dd5ed3", "key": "modified"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "090691d4dc3c7f71542b6e868b89d5d3", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "85fc9715d07b57d9e72056856b007c7b", "key": "cvss2"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "41b62a8aa1ee5c40897717cadc30784a", "key": "cvss"}, {"hash": "ff5a6b4a51f2010ac7009f47c0483002", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "cf5877ac1d6c3d593464bf80165c5f9a", "key": "published"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8860", "id": "CVE-2016-8860", "lastseen": "2020-12-09T20:07:43", "modified": "2017-07-01T01:30:00", "objectVersion": "1.3", "published": "2017-01-04T20:59:00", "references": ["https://github.com/torproject/tor/commit/3cea86eb2fbb65949673eb4ba8ebb695c87a57ce", "https://security.gentoo.org/glsa/201612-45", "http://openwall.com/lists/oss-security/2016/10/19/11", "http://www.securityfocus.com/bid/95116", "https://blog.torproject.org/blog/tor-0289-released-important-fixes", "https://trac.torproject.org/projects/tor/ticket/20384", "http://www.debian.org/security/2016/dsa-3694"], "reporter": "cve@mitre.org", "title": "CVE-2016-8860", "type": "cve", "viewCount": 3}, "differentElements": ["extraReferences"], "edition": 5, "lastseen": "2020-12-09T20:07:43"}, {"bulletin": {"affectedSoftware": [{"name": "torproject tor", "operator": "le", "version": "0.2.8.8"}, {"name": "torproject tor", "operator": "eq", "version": "0.2.9.3"}, {"name": "torproject tor", "operator": "eq", "version": "0.2.9.0"}, {"name": "torproject tor", "operator": "eq", "version": "0.2.9.1"}, {"name": "torproject tor", "operator": "eq", "version": "0.2.9.2"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:torproject:tor:0.2.9.3", "cpe:/a:torproject:tor:0.2.9.1", "cpe:/a:torproject:tor:0.2.9.0", "cpe:/a:torproject:tor:0.2.9.2"], "cpe23": ["cpe:2.3:a:torproject:tor:0.2.9.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.9.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.9.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.9.0:alpha:*:*:*:*:*:*"], "cvelist": ["CVE-2016-8860"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-119"], "description": "Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote attackers to cause a denial of service (client, hidden service, relay, or authority crash) via crafted data.", "edition": 1, "enchantments": {"dependencies": {"modified": "2019-05-29T18:15:40", "references": [{"idList": ["FEDORA_2016-3B6393ACDD.NASL", "FEDORA_2016-59316CF667.NASL", "FEDORA_2016-E56ED6F472.NASL", "GENTOO_GLSA-201612-45.NASL", "DEBIAN_DSA-3694.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:1361412562310810140", "OPENVAS:1361412562310872034", "OPENVAS:1361412562310810152", "OPENVAS:1361412562310703694"], "type": "openvas"}, {"idList": ["PACKETSTORM:143369"], "type": "packetstorm"}, {"idList": ["GLSA-201612-45"], "type": "gentoo"}], "rev": 2}, "score": {"modified": "2019-05-29T18:15:40", "rev": 2, "value": 4.7, "vector": "NONE"}}, "hash": "3cf2ddcea67e93ddf423bcbb75cc417e9d9260adf2dc0785bd692dd11fb95e01", "hashmap": [{"hash": "8a5c38d288d0c51a885f357eb1d27300", "key": "title"}, {"hash": "4205204b7f1fc6212384b0eab809fa85", "key": "cpe23"}, {"hash": "5b8afb2a452072b128fb21163b6779af", "key": "description"}, {"hash": "b5cef30da83f9b368c6b3bb523042642", "key": "cvss3"}, {"hash": "658c8066c8ab7908895876f7c1b0ec29", "key": "affectedSoftware"}, {"hash": "bb61a0949f8c36262500079f243672e2", "key": "cwe"}, {"hash": "9c31d6354449877a8e8d18f038ab2885", "key": "references"}, {"hash": "9cd58a649c5a2e0983867844b2777cd7", "key": "cvelist"}, {"hash": "ed119d53bc22517c2dd75bc029dd5ed3", "key": "modified"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "c267e73f1aa9bc421a7ebb5ba95f5611", "key": "cpe"}, {"hash": "85fc9715d07b57d9e72056856b007c7b", "key": "cvss2"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "41b62a8aa1ee5c40897717cadc30784a", "key": "cvss"}, {"hash": "ff5a6b4a51f2010ac7009f47c0483002", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "cf5877ac1d6c3d593464bf80165c5f9a", "key": "published"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8860", "id": "CVE-2016-8860", "lastseen": "2019-05-29T18:15:40", "modified": "2017-07-01T01:30:00", "objectVersion": "1.3", "published": "2017-01-04T20:59:00", "references": ["https://github.com/torproject/tor/commit/3cea86eb2fbb65949673eb4ba8ebb695c87a57ce", "https://security.gentoo.org/glsa/201612-45", "http://openwall.com/lists/oss-security/2016/10/19/11", "http://www.securityfocus.com/bid/95116", "https://blog.torproject.org/blog/tor-0289-released-important-fixes", "https://trac.torproject.org/projects/tor/ticket/20384", "http://www.debian.org/security/2016/dsa-3694"], "reporter": "cve@mitre.org", "title": "CVE-2016-8860", "type": "cve", "viewCount": 1}, "differentElements": ["cpe23", "cpe", "affectedSoftware"], "edition": 1, "lastseen": "2019-05-29T18:15:40"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "torproject:tor", "name": "torproject tor", "operator": "eq", "version": "0.2.9.3"}, {"cpeName": "torproject:tor", "name": "torproject tor", "operator": "eq", "version": "0.2.9.0"}, {"cpeName": "torproject:tor", "name": "torproject tor", "operator": "le", "version": "0.2.8.8"}, {"cpeName": "torproject:tor", "name": "torproject tor", "operator": "eq", "version": "0.2.9.2"}, {"cpeName": "torproject:tor", "name": "torproject tor", "operator": "eq", "version": "0.2.9.1"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:torproject:tor:0.2.9.3", "cpe:/a:torproject:tor:0.2.8.8", "cpe:/a:torproject:tor:0.2.9.1", "cpe:/a:torproject:tor:0.2.9.0", "cpe:/a:torproject:tor:0.2.9.2"], "cpe23": ["cpe:2.3:a:torproject:tor:0.2.9.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.9.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.9.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.9.0:alpha:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.9.1:alpha:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.9.2:alpha:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.9.0:alpha:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.9.3:alpha:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.8.8:*:*:*:*:*:*:*", "versionEndIncluding": "0.2.8.8", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2016-8860"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-119"], "description": "Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions that were entitled to expect that buf_t data had NUL termination, but the implementation of or/buffers.c did not ensure that NUL termination was present, which allows remote attackers to cause a denial of service (client, hidden service, relay, or authority crash) via crafted data.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-10-03T12:10:51", "references": [{"idList": ["FEDORA_2016-3B6393ACDD.NASL", "FEDORA_2016-59316CF667.NASL", "FEDORA_2016-E56ED6F472.NASL", "GENTOO_GLSA-201612-45.NASL", "DEBIAN_DSA-3694.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:1361412562310810140", "OPENVAS:1361412562310872034", "OPENVAS:1361412562310810152", "OPENVAS:1361412562310703694"], "type": "openvas"}, {"idList": ["PACKETSTORM:143369"], "type": "packetstorm"}, {"idList": ["GLSA-201612-45"], "type": "gentoo"}], "rev": 2}, "score": {"modified": "2020-10-03T12:10:51", "rev": 2, "value": 4.7, "vector": "NONE"}}, "hash": "066f745223b862f33bc86d1ca218f53477ceee68d0372644d5ef99d7338c3b42", "hashmap": [{"hash": "4d1a1321bdee8128f64eb7017d09514c", "key": "cpe"}, {"hash": "8a5c38d288d0c51a885f357eb1d27300", "key": "title"}, {"hash": "5b8afb2a452072b128fb21163b6779af", "key": "description"}, {"hash": "526a0b58c26d0720095567eb8a169d54", "key": "cpe23"}, {"hash": "b5cef30da83f9b368c6b3bb523042642", "key": "cvss3"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b26a1030885a872c2c06f386e9533ab9", "key": "cpeConfiguration"}, {"hash": "bb61a0949f8c36262500079f243672e2", "key": "cwe"}, {"hash": "9c31d6354449877a8e8d18f038ab2885", "key": "references"}, {"hash": "9cd58a649c5a2e0983867844b2777cd7", "key": "cvelist"}, {"hash": "ed119d53bc22517c2dd75bc029dd5ed3", "key": "modified"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "090691d4dc3c7f71542b6e868b89d5d3", "key": "affectedSoftware"}, {"hash": "85fc9715d07b57d9e72056856b007c7b", "key": "cvss2"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "41b62a8aa1ee5c40897717cadc30784a", "key": "cvss"}, {"hash": "ff5a6b4a51f2010ac7009f47c0483002", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "cf5877ac1d6c3d593464bf80165c5f9a", "key": "published"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8860", "id": "CVE-2016-8860", "lastseen": "2020-10-03T12:10:51", "modified": "2017-07-01T01:30:00", "objectVersion": "1.3", "published": "2017-01-04T20:59:00", "references": ["https://github.com/torproject/tor/commit/3cea86eb2fbb65949673eb4ba8ebb695c87a57ce", "https://security.gentoo.org/glsa/201612-45", "http://openwall.com/lists/oss-security/2016/10/19/11", "http://www.securityfocus.com/bid/95116", "https://blog.torproject.org/blog/tor-0289-released-important-fixes", "https://trac.torproject.org/projects/tor/ticket/20384", "http://www.debian.org/security/2016/dsa-3694"], "reporter": "cve@mitre.org", "title": "CVE-2016-8860", "type": "cve", "viewCount": 2}, "differentElements": ["affectedSoftware"], "edition": 3, "lastseen": "2020-10-03T12:10:51"}], "edition": 7, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "090691d4dc3c7f71542b6e868b89d5d3"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "4d1a1321bdee8128f64eb7017d09514c"}, {"key": "cpe23", "hash": "526a0b58c26d0720095567eb8a169d54"}, {"key": "cpeConfiguration", "hash": "fd0f53fbe98c1b97db67cae8df8211b1"}, {"key": "cvelist", "hash": "9cd58a649c5a2e0983867844b2777cd7"}, {"key": "cvss", "hash": "41b62a8aa1ee5c40897717cadc30784a"}, {"key": "cvss2", "hash": "85fc9715d07b57d9e72056856b007c7b"}, {"key": "cvss3", "hash": "b5cef30da83f9b368c6b3bb523042642"}, {"key": "cwe", "hash": "bb61a0949f8c36262500079f243672e2"}, {"key": "description", "hash": "5b8afb2a452072b128fb21163b6779af"}, {"key": "extraReferences", "hash": "430d51d067b1c75895f5c4c7502ed1c3"}, {"key": "href", "hash": "ff5a6b4a51f2010ac7009f47c0483002"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "ed119d53bc22517c2dd75bc029dd5ed3"}, {"key": "published", "hash": "cf5877ac1d6c3d593464bf80165c5f9a"}, {"key": "references", "hash": "9c31d6354449877a8e8d18f038ab2885"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "8a5c38d288d0c51a885f357eb1d27300"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "5ee3a957e22545743b28379040f026c88d8170c9e54d103ddf3631cfd57394fa", "viewCount": 8, "enchantments": {"dependencies": {"references": [{"type": "metasploit", "idList": ["MSF:ILITIES/DEBIAN-CVE-2016-8860/"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310810152", "OPENVAS:1361412562310703694", "OPENVAS:1361412562310872034", "OPENVAS:1361412562310810140"]}, {"type": "fedora", "idList": ["FEDORA:9629D6076293", "FEDORA:90B8360170F1", "FEDORA:46FDC608793D"]}, {"type": "gentoo", "idList": ["GLSA-201612-45"]}, {"type": "nessus", "idList": ["FEDORA_2016-59316CF667.NASL", "GENTOO_GLSA-201612-45.NASL", "DEBIAN_DSA-3694.NASL", "FEDORA_2016-E56ED6F472.NASL", "FEDORA_2016-3B6393ACDD.NASL"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:143369"]}], "modified": "2021-04-22T23:58:53", "rev": 2}, "score": {"value": 4.6, "vector": "NONE", "modified": "2021-04-22T23:58:53", "rev": 2}}, "objectVersion": "1.5", "cpe": ["cpe:/a:torproject:tor:0.2.9.3", "cpe:/a:torproject:tor:0.2.8.8", "cpe:/a:torproject:tor:0.2.9.1", "cpe:/a:torproject:tor:0.2.9.0", "cpe:/a:torproject:tor:0.2.9.2"], "affectedSoftware": [{"cpeName": "torproject:tor", "name": "torproject tor", "operator": "eq", "version": "0.2.9.3"}, {"cpeName": "torproject:tor", "name": "torproject tor", "operator": "eq", "version": "0.2.9.0"}, {"cpeName": "torproject:tor", "name": "torproject tor", "operator": "le", "version": "0.2.8.8"}, {"cpeName": "torproject:tor", "name": "torproject tor", "operator": "eq", "version": "0.2.9.2"}, {"cpeName": "torproject:tor", "name": "torproject tor", "operator": "eq", "version": "0.2.9.1"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cpe23": ["cpe:2.3:a:torproject:tor:0.2.9.2:alpha:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.9.1:alpha:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.9.3:alpha:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.8.8:*:*:*:*:*:*:*", "cpe:2.3:a:torproject:tor:0.2.9.0:alpha:*:*:*:*:*:*"], "cwe": ["CWE-119"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.9.1:alpha:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.9.3:alpha:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.9.0:alpha:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.8.8:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "0.2.8.8", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:torproject:tor:0.2.9.2:alpha:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "[oss-security] 20161019 Re: CVE request for tor", "refsource": "MLIST", "tags": ["Third Party Advisory"], "url": "http://openwall.com/lists/oss-security/2016/10/19/11"}, {"name": "95116", "refsource": "BID", "tags": [], "url": "http://www.securityfocus.com/bid/95116"}, {"name": "https://github.com/torproject/tor/commit/3cea86eb2fbb65949673eb4ba8ebb695c87a57ce", "refsource": "CONFIRM", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/torproject/tor/commit/3cea86eb2fbb65949673eb4ba8ebb695c87a57ce"}, {"name": "GLSA-201612-45", "refsource": "GENTOO", "tags": [], "url": "https://security.gentoo.org/glsa/201612-45"}, {"name": "DSA-3694", "refsource": "DEBIAN", "tags": [], "url": "http://www.debian.org/security/2016/dsa-3694"}, {"name": "https://trac.torproject.org/projects/tor/ticket/20384", "refsource": "CONFIRM", "tags": ["Vendor Advisory"], "url": "https://trac.torproject.org/projects/tor/ticket/20384"}, {"name": "https://blog.torproject.org/blog/tor-0289-released-important-fixes", "refsource": "CONFIRM", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://blog.torproject.org/blog/tor-0289-released-important-fixes"}], "immutableFields": []}], "openbugbounty": [{"type": "openbugbounty", "lastseen": "2017-12-26T05:08:14", "_object_types": ["robots.models.base.Bulletin", "robots.models.openbugbounty.OpenbugbountyBulletin"], "href": "https://www.openbugbounty.org/reports/232775/", "cvss": {"score": 0.0, "vector": "NONE"}, "history": [{"bulletin": {"references": [], "bulletinFamily": "bugbounty", "cvss": {"score": 0.0, "vector": "NONE"}, "lastseen": "2017-10-16T23:52:31", "openbugbounty": {"mirror": "", "patchStatus": "unpatched"}, "objectVersion": "1.4", "href": "https://www.openbugbounty.org/reports/232775/", "type": "openbugbounty", "history": [], "cvelist": [], "enchantments_done": [], "title": "vestiairecollective.com XSS vulnerability ", "id": "OBB:232775", "description": "##### Vulnerable URL:\n \n \n http://www.vestiairecollective.com/search/?q=\"-confirm(`OPENBUGBOUNTY`)-\"\n \n\n##### Details:\n\nDescription| Value \n---|--- \nPatched:| No \nLatest check for patch:| 31.07.2017 \nVulnerability type:| XSS \nVulnerability status:| Publicly disclosed \nAlexa Rank| 20384 \nVIP website status:| Yes \nCheck vestiairecollective.com SSL connection:| (Grade: A) \n \n##### Coordinated Disclosure Timeline:\n\nDescription| Value \n---|--- \nVulnerability submitted via Open Bug Bounty| 6 May, 2017 18:52 GMT \nVulnerability existence verified and confirmed| 8 May, 2017 05:33 GMT \nNotification sent to subscribers (without technical details)| 8 May, 2017 06:17 GMT \nVulnerability details disclosed by researcher| 19 June, 2017 06:14 GMT\n", "modified": "2017-06-19T06:14:00", "reporter": "Random_Robbie", "published": "2017-05-06T18:52:00", "enchantments": {"score": {"modified": "2017-10-16T23:52:31", "value": 5.0}}, "viewCount": 0}, "lastseen": "2017-10-16T23:52:31", "differentElements": ["description", "modified", "openbugbounty"], "edition": 1}], "reporter": "Random_Robbie", "description": "##### Vulnerable URL:\n \n \n http://www.vestiairecollective.com/search/?q=\"-confirm(`OPENBUGBOUNTY`)-\"\n \n\n##### Details:\n\nDescription| Value \n---|--- \nPatched:| Yes, at 13.12.2017 \nLatest check for patch:| 13.12.2017 07:31 GMT \nVulnerability type:| XSS \nVulnerability status:| Publicly disclosed \nAlexa Rank| 20384 \nVIP website status:| Yes \nCheck vestiairecollective.com SSL connection:| (Grade: A) \n \n##### Coordinated Disclosure Timeline:\n\nDescription| Value \n---|--- \nVulnerability submitted via Open Bug Bounty| 6 May, 2017 18:52 GMT \nVulnerability existence verified and confirmed| 8 May, 2017 05:33 GMT \nNotification sent to subscribers (without technical details)| 8 May, 2017 06:17 GMT \nVulnerability details disclosed by researcher| 19 June, 2017 06:14 GMT \nVulnerability patched by the website owner| 13 December, 2017 07:31 GMT\n", "bulletinFamily": "bugbounty", "references": [], "objectVersion": "1.4", "viewCount": 4, "_object_type": "robots.models.openbugbounty.OpenbugbountyBulletin", "cvelist": [], "openbugbounty": {"mirror": "", "patchStatus": "patched"}, "enchantments_done": [], "title": "vestiairecollective.com XSS vulnerability ", "id": "OBB:232775", "modified": "2017-12-13T07:31:00", "published": "2017-05-06T18:52:00", "enchantments": {"score": {"value": -0.0, "vector": "NONE", "modified": "2017-12-26T05:08:14", "rev": 2}, "dependencies": {"references": [], "modified": "2017-12-26T05:08:14", "rev": 2}}}], "ubuntucve": [{"id": "UB:CVE-2016-8860", "hash": "e472eeffd95e6dcb300c6f130c9fa616", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2016-8860", "description": "Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions\nthat were entitled to expect that buf_t data had NUL termination, but the\nimplementation of or/buffers.c did not ensure that NUL termination was\npresent, which allows remote attackers to cause a denial of service\n(client, hidden service, relay, or authority crash) via crafted data.", "published": "2017-01-04T00:00:00", "modified": "2017-01-04T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "href": "https://ubuntu.com/security/CVE-2016-8860", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8860", "https://trac.torproject.org/projects/tor/ticket/20384", "https://blog.torproject.org/blog/tor-0289-released-important-fixes", "https://github.com/torproject/tor/commit/3cea86eb2fbb65949673eb4ba8ebb695c87a57ce", "http://www.openwall.com/lists/oss-security/2016/10/18/11", "https://nvd.nist.gov/vuln/detail/CVE-2016-8860", "https://launchpad.net/bugs/cve/CVE-2016-8860", "https://security-tracker.debian.org/tracker/CVE-2016-8860"], "cvelist": ["CVE-2016-8860"], "immutableFields": [], "lastseen": "2021-07-31T00:12:21", "history": [{"bulletin": {"id": "UB:CVE-2016-8860", "hash": "ddf8efedba9c8c891a83d91c2f14a134", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2016-8860", "description": "Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal functions\nthat were entitled to expect that buf_t data had NUL termination, but the\nimplementation of or/buffers.c did not ensure that NUL termination was\npresent, which allows remote attackers to cause a denial of service\n(client, hidden service, relay, or authority crash) via crafted data.", "published": "2017-01-04T00:00:00", "modified": "2017-01-04T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://ubuntu.com/security/CVE-2016-8860", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8860", "https://trac.torproject.org/projects/tor/ticket/20384", "https://blog.torproject.org/blog/tor-0289-released-important-fixes", "https://github.com/torproject/tor/commit/3cea86eb2fbb65949673eb4ba8ebb695c87a57ce", "http://www.openwall.com/lists/oss-security/2016/10/18/11", "https://nvd.nist.gov/vuln/detail/CVE-2016-8860", "https://launchpad.net/bugs/cve/CVE-2016-8860", "https://security-tracker.debian.org/tracker/CVE-2016-8860"], "cvelist": ["CVE-2016-8860"], "immutableFields": [], "lastseen": "2021-06-30T23:10:50", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-8860"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/DEBIAN-CVE-2016-8860/"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310872034", "OPENVAS:1361412562310810140", "OPENVAS:1361412562310810152", "OPENVAS:1361412562310703694"]}, {"type": "gentoo", "idList": ["GLSA-201612-45"]}, {"type": "fedora", "idList": ["FEDORA:90B8360170F1", "FEDORA:46FDC608793D", "FEDORA:9629D6076293"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-201612-45.NASL", "FEDORA_2016-3B6393ACDD.NASL", "FEDORA_2016-59316CF667.NASL", "DEBIAN_DSA-3694.NASL", "FEDORA_2016-E56ED6F472.NASL"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:143369"]}], "modified": "2021-06-30T23:10:50", "rev": 2}, "score": {"value": 4.1, "vector": "NONE", "modified": "2021-06-30T23:10:50", "rev": 2}}, "objectVersion": "1.5", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "0.2.8.9-1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "tor"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "0.2.4.27-1ubuntu0.1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "tor"}], "bugs": []}, "lastseen": "2021-06-30T23:10:50", "differentElements": ["cvss2", "cvss3"], "edition": 1}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-8860"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/DEBIAN-CVE-2016-8860/"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310810140", "OPENVAS:1361412562310810152", "OPENVAS:1361412562310703694", "OPENVAS:1361412562310872034"]}, {"type": "nessus", "idList": ["FEDORA_2016-59316CF667.NASL", "DEBIAN_DSA-3694.NASL", "GENTOO_GLSA-201612-45.NASL", "FEDORA_2016-3B6393ACDD.NASL", "FEDORA_2016-E56ED6F472.NASL"]}, {"type": "gentoo", "idList": ["GLSA-201612-45"]}, {"type": "fedora", "idList": ["FEDORA:90B8360170F1", "FEDORA:46FDC608793D", "FEDORA:9629D6076293"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:143369"]}], "modified": "2021-07-31T00:12:21", "rev": 2}, "score": {"value": 4.1, "vector": "NONE", "modified": "2021-07-31T00:12:21", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "0.2.8.9-1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "tor"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "0.2.4.27-1ubuntu0.1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "tor"}], "bugs": [], "_object_type": "robots.models.ubuntucve.UbuntuCVEBulletin", "_object_types": ["robots.models.ubuntucve.UbuntuCVEBulletin", "robots.models.base.Bulletin"]}], "freebsd": [{"edition": 1, "history": [], "modified": "2016-10-17T00:00:00", "hash": "542779458f66b637016ee9602fd381ef6b3b516ef623e405a28146b5ea77868b", "affectedPackage": [{"packageName": "tor-devel", "packageVersion": "0.2.9.4-alpha", "OSVersion": "any", "OS": "FreeBSD", "operator": "lt", "arch": "noarch", "packageFilename": "UNKNOWN"}, {"packageName": "tor", "packageVersion": "0.2.8.9", "OSVersion": "any", "OS": "FreeBSD", "operator": "lt", "arch": "noarch", "packageFilename": "UNKNOWN"}], "bulletinFamily": "unix", "references": ["https://blog.torproject.org/blog/tor-0289-released-important-fixes"], "cvelist": [], "href": "https://vuxml.freebsd.org/freebsd/c1dc55dc-9556-11e6-b154-3065ec8fd3ec.html", "description": "\nThe Tor Blog reports:\n\nPrevent a class of security bugs caused by treating the contents\n\t of a buffer chunk as if they were a NUL-terminated string. At least\n\t one such bug seems to be present in all currently used versions of\n\t Tor, and would allow an attacker to remotely crash most Tor\n\t instances, especially those compiled with extra compiler hardening.\n\t With this defense in place, such bugs can't crash Tor, though we\n\t should still fix them as they occur. Closes ticket 20384\n\t (TROVE-2016-10-001).\n\n", "id": "C1DC55DC-9556-11E6-B154-3065EC8FD3EC", "reporter": "FreeBSD", "lastseen": "2016-10-18T21:22:37", "published": "2016-10-17T00:00:00", "enchantments": {"score": {"value": 1.6, "vector": "NONE", "modified": "2016-10-18T21:22:37", "rev": 2}, "dependencies": {"references": [{"type": "nessus", "idList": ["FREEBSD_PKG_C1DC55DC955611E6B1543065EC8FD3EC.NASL"]}], "modified": "2016-10-18T21:22:37", "rev": 2}}, "objectVersion": "1.2", "type": "freebsd", "cvss": {"score": 0.0, "vector": "NONE"}, "title": "Tor -- remote denial of service", "viewCount": 0, "hashmap": [{"hash": "fe6fb23fa5f2d78ea1b99d00b044d183", "key": "affectedPackage"}, {"hash": "4913a9178621eadcdf191db17915fbcb", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "f5ebab349e1d608f0cdedccdad695437", "key": "description"}, {"hash": "fe629539772db747c132fe1fec89792c", "key": "href"}, {"hash": "bee8ec174edfe5a455d4b5845a1d4e79", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "bee8ec174edfe5a455d4b5845a1d4e79", "key": "published"}, {"hash": "6a1a9c7e7b6b0e2a9dd001f097d45390", "key": "references"}, {"hash": "a3dc630729e463135f4e608954fa6e19", "key": "reporter"}, {"hash": "0a0b65a0fb2a9a06ab8f00b69205e2aa", "key": "title"}, {"hash": "1527e888767cdce15d200b870b39cfd0", "key": "type"}]}]}