{"id": "SECURITYVULNS:DOC:23110", "bulletinFamily": "software", "title": "Kayako SupportSuite Multiple Persistent Cross Site Scripting (Current Versions)", "description": "##########################################################\r\n# Comodo Group\r\n#\r\n# Vendor : Kayako Infotech Ltd.\r\n# URL : http://www.kayako.com/\r\n# Version : Kayako SupportSuite <= 3.60.04\r\n##########################################################\r\n\r\nWe've discovered multiple persistent cross site scripting vulnerabilities in the latest version of\r\nKayako SupportSuite (3.60.04). Because of improper input validation an attacker (authenticated staff\r\nmember) can inject javascript code into the body or even subject of a knowledge base article which will\r\nexecute in to context of the victim's browser when they view the pages in question. THis makes it\r\npossible to steal cookies, hijack sessions and more. The severity of this is augmented by the fact\r\nthat the subjects of newly published articles appear on the home page of the portal making it easy to\r\ncompromise a large number of users.\r\n\r\nThe vendor has been notified, but until they issue a patch administrators can modify the relevant php\r\nthemselves to do better input validation.\r\n\r\nBKz\r\nLPIC, Sec+, OSCP\r\nhttp://www.comodo.com/", "published": "2010-01-23T00:00:00", "modified": "2010-01-23T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23110", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:33", "edition": 1, "viewCount": 35, "enchantments": {"score": {"value": -0.1, "vector": "NONE", "modified": "2018-08-31T11:10:33", "rev": 2}, "dependencies": {"references": [{"type": "mskb", "idList": ["KB2526297", "KB2501721", "KB317244", "KB980408", "KB981401", "KB2785908", "KB953331", "KB2510690", "KB3191913", "KB2874216"]}], "modified": "2018-08-31T11:10:33", "rev": 2}, "vulnersScore": -0.1}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}

{"cve": [{"bulletinFamily": "NVD", "hash": "6a0ace8cdb63863b470e6561269f441d83851201520bc6a55e7930a925c15e3a", "id": "CVE-2014-2595", "lastseen": "2021-04-22T23:44:08", "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "objectVersion": "1.5", "published": "2020-02-12T01:15:00", "cvelist": ["CVE-2014-2595"], "viewCount": 73, "modified": "2020-02-20T15:55:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "edition": 8, "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "history": [{"bulletin": {"affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-02-13T14:29:47", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}]}, "score": {"modified": "2020-02-13T14:29:47", "value": 6.9, "vector": "NONE"}}, "hash": "0d148bb322c927927cf5c8adaba4daf0d811bf2bee4917f93ca62ca2f942333e", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "23075837e6c728c8f0077b2ae5d5ee7f", "key": "modified"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-13T14:29:47", "modified": "2020-02-12T13:07:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 28}, "differentElements": ["cpe23", "cvss", "cvss2", "modified", "cpe", "cwe", "affectedSoftware"], "edition": 3, "lastseen": "2020-02-13T14:29:47"}, {"bulletin": {"affectedSoftware": [], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "cwe": [], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-02-12T14:27:29", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}]}, "score": {"modified": "2020-02-12T14:27:29", "value": 6.9, "vector": "NONE"}}, "hash": "6ccf8f84237981876cda9914b348e4e11c8972875cdf630f59422732f1ea69ba", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "modified"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss2"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-12T14:27:29", "modified": "2020-02-12T01:15:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 28}, "differentElements": ["modified"], "edition": 2, "lastseen": "2020-02-12T14:27:29"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 6, "enchantments": {"dependencies": {"modified": "2020-10-03T12:01:15", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2020-10-03T12:01:15", "rev": 2, "value": 6.9, "vector": "NONE"}}, "extraReferences": [], "hash": "65fabd8c3b92ccbba797b3dfba517234b9e0e8bc2464531f2cd64047dd457870", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "0e66a595df2112e69adac8e55cbdb92d", "key": "cpeConfiguration"}, {"hash": "a97b191a26cb922c0b82d26c5f04f4db", "key": "affectedSoftware"}, {"hash": "ad35358d166de03a84a3a9280d95337a", "key": "cvss3"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-10-03T12:01:15", "modified": "2020-02-20T15:55:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 56}, "differentElements": ["extraReferences"], "edition": 6, "lastseen": "2020-10-03T12:01:15"}, {"bulletin": {"affectedSoftware": [{"name": "barracuda web_application_firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-02-21T13:06:26", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2020-02-21T13:06:26", "rev": 2, "value": 6.9, "vector": "NONE"}}, "hash": "4423bdd8d6936961112ee89e752cf7c866f443470052f4a4ac3529b4be6ae18f", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}, {"hash": "ee2d931efb4c4fa7a1a321df76c0b838", "key": "affectedSoftware"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "lastseen": "2020-02-21T13:06:26", "modified": "2020-02-20T15:55:00", "objectVersion": "1.3", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 47}, "differentElements": ["cvss3", "affectedSoftware"], "edition": 4, "lastseen": "2020-02-21T13:06:26"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2014-2595"], "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cwe": ["CWE-613"], "description": "Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.", "edition": 7, "enchantments": {"dependencies": {"modified": "2021-02-02T06:14:28", "references": [{"idList": ["PACKETSTORM:127740"], "type": "packetstorm"}, {"idList": ["SECURITYVULNS:DOC:31004", "SECURITYVULNS:VULN:13887"], "type": "securityvulns"}, {"idList": ["EDB-ID:39278"], "type": "exploitdb"}], "rev": 2}, "score": {"modified": "2021-02-02T06:14:28", "rev": 2, "value": 6.9, "vector": "NONE"}}, "extraReferences": [{"name": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004"}, {"name": "http://www.osvdb.org/109782", "refsource": "MISC", "tags": ["Broken Link"], "url": "http://www.osvdb.org/109782"}, {"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "refsource": "MISC", "tags": ["Broken Link"], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/"}, {"name": "https://www.exploit-db.com/exploits/39278", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/39278"}, {"name": "https://www.securityfocus.com/bid/69028", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.securityfocus.com/bid/69028"}, {"name": "http://seclists.org/fulldisclosure/2014/Aug/5", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List", "Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Aug/5"}], "hash": "d6e72c33ebf3accfe25046812d0b1e7698f2d37c9159defa7c7bda26e2ab359b", "hashmap": [{"hash": "584cd9e6927eaaa814c6545414f09911", "key": "description"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "cf46dbeffc0c7dc51130bcd388b4459a", "key": "references"}, {"hash": "92ee34fefd5301ff6ccb77b813c8d4f8", "key": "modified"}, {"hash": "86870277fcb3e3e121fe9e4f1f7c2b51", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "405ecfc0fb244283a2773863614145bf", "key": "cpe23"}, {"hash": "e63509ce8b627fb239a5a63969122026", "key": "cvss2"}, {"hash": "832b9c21b4589969549f63eb0724398c", "key": "cpe"}, {"hash": "0e66a595df2112e69adac8e55cbdb92d", "key": "cpeConfiguration"}, {"hash": "a97b191a26cb922c0b82d26c5f04f4db", "key": "affectedSoftware"}, {"hash": "ad35358d166de03a84a3a9280d95337a", "key": "cvss3"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "073d5951cb97bd54baf9ef00e5950ef4", "key": "extraReferences"}, {"hash": "afd8c4a8002c25596504fc1efc107886", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6c607768196e3786ab17cb3a6e516cad", "key": "published"}, {"hash": "0b053db5674b87efff89989a8a720df3", "key": "cvss"}, {"hash": "756bd44ad36e62b951b7a08611cbd3f5", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "bc7f8fc71017e1124d57947313af5643", "key": "title"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "id": "CVE-2014-2595", "immutableFields": [], "lastseen": "2021-02-02T06:14:28", "modified": "2020-02-20T15:55:00", "objectVersion": "1.5", "published": "2020-02-12T01:15:00", "references": ["https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "http://www.osvdb.org/109782", "https://www.securityfocus.com/bid/69028", "https://www.exploit-db.com/exploits/39278", "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "http://seclists.org/fulldisclosure/2014/Aug/5"], "reporter": "cve@mitre.org", "title": "CVE-2014-2595", "type": "cve", "viewCount": 60}, "different_elements": ["cpeConfiguration"], "edition": 7, "lastseen": "2021-02-02T06:14:28"}], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2595", "enchantments": {"dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13887", "SECURITYVULNS:DOC:31004"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:127740"]}, {"type": "exploitdb", "idList": ["EDB-ID:39278"]}], "modified": "2021-04-22T23:44:08", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2021-04-22T23:44:08", "rev": 2}}, "type": "cve", "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "a97b191a26cb922c0b82d26c5f04f4db"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "832b9c21b4589969549f63eb0724398c"}, {"key": "cpe23", "hash": "405ecfc0fb244283a2773863614145bf"}, {"key": "cpeConfiguration", "hash": "238f536d7ccbcb60d24ab76ed2548b8b"}, {"key": "cvelist", "hash": "afd8c4a8002c25596504fc1efc107886"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "e63509ce8b627fb239a5a63969122026"}, {"key": "cvss3", "hash": "ad35358d166de03a84a3a9280d95337a"}, {"key": "cwe", "hash": "86870277fcb3e3e121fe9e4f1f7c2b51"}, {"key": "description", "hash": "584cd9e6927eaaa814c6545414f09911"}, {"key": "extraReferences", "hash": "073d5951cb97bd54baf9ef00e5950ef4"}, {"key": "href", "hash": "756bd44ad36e62b951b7a08611cbd3f5"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "92ee34fefd5301ff6ccb77b813c8d4f8"}, {"key": "published", "hash": "6c607768196e3786ab17cb3a6e516cad"}, {"key": "references", "hash": "cf46dbeffc0c7dc51130bcd388b4459a"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "bc7f8fc71017e1124d57947313af5643"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "scheme": null, "affectedSoftware": [{"cpeName": "barracuda:web_application_firewall", "name": "barracuda web application firewall", "operator": "eq", "version": "7.8.1.013"}], "cpe": ["cpe:/a:barracuda:web_application_firewall:7.8.1.013"], "cpe23": ["cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*"], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cwe": ["CWE-613"], "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:barracuda:web_application_firewall:7.8.1.013:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "http://packetstormsecurity.com/files/127740/Barracuda-WAF-Authentication-Bypass.html"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31004"}, {"name": "http://www.osvdb.org/109782", "refsource": "MISC", "tags": ["Broken Link"], "url": "http://www.osvdb.org/109782"}, {"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/", "refsource": "MISC", "tags": ["Broken Link"], "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2595/"}, {"name": "https://www.exploit-db.com/exploits/39278", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/39278"}, {"name": "https://www.securityfocus.com/bid/69028", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.securityfocus.com/bid/69028"}, {"name": "http://seclists.org/fulldisclosure/2014/Aug/5", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List", "Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Aug/5"}], "immutableFields": []}, {"id": "CVE-2008-7273", "bulletinFamily": "NVD", "title": "CVE-2008-7273", "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "published": "2019-11-18T22:15:00", "modified": "2019-11-20T15:56:00", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "reporter": "cve@mitre.org", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "cvelist": ["CVE-2008-7273"], "type": "cve", "lastseen": "2021-04-21T20:41:43", "history": [{"bulletin": {"affectedSoftware": [{"name": "getfiregpg iceweasel-firegpg", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:getfiregpg:iceweasel-firegpg:-"], "cpe23": [], "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 3, "enchantments": {"dependencies": {"modified": "2019-12-18T13:57:06", "references": [], "rev": 2}, "score": {"modified": "2019-12-18T13:57:06", "rev": 2, "value": 1.2, "vector": "NONE"}}, "hash": "d61e8c253c1f5d35ed5977532afcfe58d323a03057be4323e8c19bd7bed39d26", "hashmap": [{"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "3e1e24cf5fed13b85f5534cb239a1044", "key": "cpe"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "4464888dd8ea79b7344278e86594f061", "key": "affectedSoftware"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2019-12-18T13:57:06", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 62}, "differentElements": ["cvss3", "cpe", "affectedSoftware"], "edition": 3, "lastseen": "2019-12-18T13:57:06"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-09-21T13:59:22", "references": [], "rev": 2}, "score": {"modified": "2020-09-21T13:59:22", "rev": 2, "value": 1.2, "vector": "NONE"}}, "hash": "557fd4cb813bf4897b5fdca93f953d2fe22dd9fed46f9a924ed2d03719983a4f", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2020-09-21T13:59:22", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 62}, "differentElements": ["cpeConfiguration"], "edition": 4, "lastseen": "2020-09-21T13:59:22"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 7, "enchantments": {"dependencies": {"modified": "2020-12-09T19:28:28", "references": [], "rev": 2}, "score": {"modified": "2020-12-09T19:28:28", "rev": 2, "value": 1.2, "vector": "NONE"}}, "extraReferences": [], "hash": "3f2537e658f4240fe6f7df8e451ce685d2ca8ba79fbda529c1842e690c507e37", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "451ac74d9ed8923574ac49d27fa22411", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2020-12-09T19:28:28", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 76}, "differentElements": ["extraReferences"], "edition": 7, "lastseen": "2020-12-09T19:28:28"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 5, "enchantments": {"dependencies": {"modified": "2020-10-03T11:51:06", "references": [], "rev": 2}, "score": {"modified": "2020-10-03T11:51:06", "rev": 2, "value": 1.2, "vector": "NONE"}}, "hash": "3f49259ae0555553bcbf3433a53f5984d6de287f6d865e78b449bda3b88b8ea7", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "451ac74d9ed8923574ac49d27fa22411", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "lastseen": "2020-10-03T11:51:06", "modified": "2019-11-20T15:56:00", "objectVersion": "1.3", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 72}, "differentElements": ["affectedSoftware"], "edition": 5, "lastseen": "2020-10-03T11:51:06"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7273"], "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cwe": ["CWE-59"], "description": "A symlink issue exists in Iceweasel-firegpg before 0.6 due to insecure tempfile handling.", "edition": 8, "enchantments": {"dependencies": {"modified": "2021-02-02T05:35:21", "references": [], "rev": 2}, "score": {"modified": "2021-02-02T05:35:21", "rev": 2, "value": 1.2, "vector": "NONE"}}, "extraReferences": [{"name": "https://www.openwall.com/lists/oss-security/2011/01/14/2", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2011/01/14/2"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://security-tracker.debian.org/tracker/CVE-2008-7273", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7273"}], "hash": "5b731cb69531a1a4f440c98e6086aef32b59d25a21b3e795f6d21cdd0acb5966", "hashmap": [{"hash": "beb519effad5780952ea4ce1697a49ad", "key": "cvss3"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "368a4092894f1320c5eb8d6f1746c872", "key": "modified"}, {"hash": "d613e2c86955266b0d3e0b9be74eae16", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b066b40875680d07f9f9912048360029", "key": "href"}, {"hash": "85fdbb6779c8f53457b03e4617cac1fd", "key": "extraReferences"}, {"hash": "5a3d95049ed4485340188fd46566963d", "key": "title"}, {"hash": "9c6958cd5dd022a438c0a93346bb7717", "key": "cvelist"}, {"hash": "2323c5f10ea99bff6a3fd88adbf7723c", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6f6410364e4cee78bd47ed1fc3d8dd5b", "key": "cvss"}, {"hash": "c92f044c94e4360fec268c45081f3bc6", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "f427291f843f1948956af8f0777cb86f", "key": "description"}, {"hash": "d1c394bb6e6939e65900ac8652bcb35f", "key": "published"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "a6adb76bd2d2e833d4aee455da4b36c3", "key": "cvss2"}, {"hash": "451ac74d9ed8923574ac49d27fa22411", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7273", "id": "CVE-2008-7273", "immutableFields": [], "lastseen": "2021-02-02T05:35:21", "modified": "2019-11-20T15:56:00", "objectVersion": "1.5", "published": "2019-11-18T22:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7273", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "https://www.openwall.com/lists/oss-security/2011/01/14/2"], "reporter": "cve@mitre.org", "title": "CVE-2008-7273", "type": "cve", "viewCount": 78}, "different_elements": ["cpeConfiguration"], "edition": 8, "lastseen": "2021-02-02T05:35:21"}], "edition": 9, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "2323c5f10ea99bff6a3fd88adbf7723c"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "b37293c28011cded7e6cea212cc908fa"}, {"key": "cvelist", "hash": "9c6958cd5dd022a438c0a93346bb7717"}, {"key": "cvss", "hash": "6f6410364e4cee78bd47ed1fc3d8dd5b"}, {"key": "cvss2", "hash": "a6adb76bd2d2e833d4aee455da4b36c3"}, {"key": "cvss3", "hash": "beb519effad5780952ea4ce1697a49ad"}, {"key": "cwe", "hash": "c92f044c94e4360fec268c45081f3bc6"}, {"key": "description", "hash": "f427291f843f1948956af8f0777cb86f"}, {"key": "extraReferences", "hash": "85fdbb6779c8f53457b03e4617cac1fd"}, {"key": "href", "hash": "b066b40875680d07f9f9912048360029"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "368a4092894f1320c5eb8d6f1746c872"}, {"key": "published", "hash": "d1c394bb6e6939e65900ac8652bcb35f"}, {"key": "references", "hash": "d613e2c86955266b0d3e0b9be74eae16"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "5a3d95049ed4485340188fd46566963d"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "d695debc34a1657f10acd9dd2989cff4ec01e7bd03c81d546ca7db279f9ade48", "viewCount": 85, "enchantments": {"dependencies": {"references": [], "modified": "2021-04-21T20:41:43", "rev": 2}, "score": {"value": 1.2, "vector": "NONE", "modified": "2021-04-21T20:41:43", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "getfiregpg:iceweasel-firegpg", "name": "getfiregpg iceweasel-firegpg", "operator": "lt", "version": "0.6"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "cpe23": [], "cwe": ["CWE-59"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:iceweasel-firegpg:0.6:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://www.openwall.com/lists/oss-security/2011/01/14/2", "refsource": "MISC", "tags": ["Third Party Advisory", "Mailing List"], "url": "https://www.openwall.com/lists/oss-security/2011/01/14/2"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://security-tracker.debian.org/tracker/CVE-2008-7273", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7273"}], "immutableFields": []}, {"id": "CVE-2008-7272", "bulletinFamily": "NVD", "title": "CVE-2008-7272", "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "published": "2019-11-08T00:15:00", "modified": "2020-02-10T21:16:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "reporter": "cve@mitre.org", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "cvelist": ["CVE-2008-7272"], "type": "cve", "lastseen": "2021-04-21T20:41:43", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-09-21T13:59:22", "references": [], "rev": 2}, "score": {"modified": "2020-09-21T13:59:22", "rev": 2, "value": 2.4, "vector": "NONE"}}, "hash": "f6701a04d3477e440e72324b648d7646a2f9466e07e83e341707bb314aec84a0", "hashmap": [{"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "a0acab3127efc281e78e28b6a414532c", "key": "affectedSoftware"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2020-09-21T13:59:22", "modified": "2020-02-10T21:16:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 10}, "differentElements": ["cpeConfiguration"], "edition": 4, "lastseen": "2020-09-21T13:59:22"}, {"bulletin": {"affectedSoftware": [{"name": "getfiregpg firegpg", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:getfiregpg:firegpg:-"], "cpe23": [], "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-02-11T14:25:16", "references": [], "rev": 2}, "score": {"modified": "2020-02-11T14:25:16", "rev": 2, "value": 2.4, "vector": "NONE"}}, "hash": "a5439a88032d0d96d6b3b175c5bb2652a08a5ac9dd8565abd675e989e312c52e", "hashmap": [{"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "c78a0c9b48c95bd2d49fb402de9ce674", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "d2db9f7acf8121ca4d72b70e2934db08", "key": "affectedSoftware"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2020-02-11T14:25:16", "modified": "2020-02-10T21:16:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 10}, "differentElements": ["cvss3", "cpe", "affectedSoftware"], "edition": 3, "lastseen": "2020-02-11T14:25:16"}, {"bulletin": {"affectedSoftware": [{"name": "getfiregpg firegpg", "operator": "eq", "version": "-"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:getfiregpg:firegpg:-"], "cpe23": [], "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user?s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users?s private key.", "edition": 2, "enchantments": {"dependencies": {"modified": "2019-11-15T19:55:37", "references": []}, "score": {"modified": "2019-11-15T19:55:37", "value": 2.4, "vector": "NONE"}}, "hash": "05a389bab8cb239109f07a53e4f0a9c76cc24d31548b23dfad15c1385b48f5a5", "hashmap": [{"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "b0552313c96be75e9ec1c10adb56b096", "key": "modified"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "240c2c1dd6f5cc5cbeb07774547c6c2b", "key": "description"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "c78a0c9b48c95bd2d49fb402de9ce674", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "d2db9f7acf8121ca4d72b70e2934db08", "key": "affectedSoftware"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2019-11-15T19:55:37", "modified": "2019-11-14T14:28:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 2}, "differentElements": ["description", "modified"], "edition": 2, "lastseen": "2019-11-15T19:55:37"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "0.6"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:firegpg:0.6:*:*:*:*:firefox:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 8, "enchantments": {"dependencies": {"modified": "2021-02-02T05:35:21", "references": [], "rev": 2}, "score": {"modified": "2021-02-02T05:35:21", "rev": 2, "value": 2.4, "vector": "NONE"}}, "extraReferences": [{"name": "https://security-tracker.debian.org/tracker/CVE-2008-7272", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7272"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "refsource": "MISC", "tags": ["Third Party Advisory", "Issue Tracking"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386"}], "hash": "feff88852d5f44ef4f736cb629de97022a0e3f23b99e0deec3d9ee5daaa7d8df", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "4847e3110691b6a6a4c7664c0f127f70", "key": "extraReferences"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "675695b80d1f3d2196a77047e1ceba64", "key": "cpeConfiguration"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "a0acab3127efc281e78e28b6a414532c", "key": "affectedSoftware"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "immutableFields": [], "lastseen": "2021-02-02T05:35:21", "modified": "2020-02-10T21:16:00", "objectVersion": "1.5", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 19}, "different_elements": ["cpeConfiguration"], "edition": 8, "lastseen": "2021-02-02T05:35:21"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "*"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:firegpg:0.6:*:*:*:*:firefox:*:*", "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2008-7272"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cwe": ["CWE-312"], "description": "FireGPG before 0.6 handle user\u2019s passphrase and decrypted cleartext insecurely by writing pre-encrypted cleartext and the user's passphrase to disk which may result in the compromise of secure communication or a users\u2019s private key.", "edition": 6, "enchantments": {"dependencies": {"modified": "2020-11-29T22:56:16", "references": [], "rev": 2}, "score": {"modified": "2020-11-29T22:56:16", "rev": 2, "value": 2.4, "vector": "NONE"}}, "hash": "20ae55db346f6babbeac989b07a5b26e855e45e42cfda6773d64bbcb84e4ef79", "hashmap": [{"hash": "d647e62c83e294ffd6f56a7c761beece", "key": "affectedSoftware"}, {"hash": "54b0c94164bf625d039c58f14cd4c116", "key": "references"}, {"hash": "92c16862fafe4d9eb26185434339836e", "key": "cwe"}, {"hash": "5db042f8057f3f288fe9cd4213121eb2", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "767e67f900c3effb5b550959d21fb12e", "key": "cvelist"}, {"hash": "3c75b36a7f1966a251dbe6148b866f97", "key": "modified"}, {"hash": "9bc143c7676b7e5a3fd9537d7507310b", "key": "cvss2"}, {"hash": "675695b80d1f3d2196a77047e1ceba64", "key": "cpeConfiguration"}, {"hash": "a89198c45ce87f7ec9735a085150b708", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1162e82aa1c980ee7ebee4af4c99369c", "key": "published"}, {"hash": "cd391b15e7a01ae2bbfcca256d89bfb8", "key": "cvss3"}, {"hash": "95669953499c0eb40b242611dfbe75d4", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9258b012e591cc93a7c6b0cd1b5c6b05", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7272", "id": "CVE-2008-7272", "lastseen": "2020-11-29T22:56:16", "modified": "2020-02-10T21:16:00", "objectVersion": "1.3", "published": "2019-11-08T00:15:00", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-7272", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"], "reporter": "cve@mitre.org", "title": "CVE-2008-7272", "type": "cve", "viewCount": 15}, "differentElements": ["affectedSoftware"], "edition": 6, "lastseen": "2020-11-29T22:56:16"}], "edition": 9, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "a0acab3127efc281e78e28b6a414532c"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "77e03828e2d6f83f8fa932acfe8daff3"}, {"key": "cvelist", "hash": "767e67f900c3effb5b550959d21fb12e"}, {"key": "cvss", "hash": "a89198c45ce87f7ec9735a085150b708"}, {"key": "cvss2", "hash": "9bc143c7676b7e5a3fd9537d7507310b"}, {"key": "cvss3", "hash": "cd391b15e7a01ae2bbfcca256d89bfb8"}, {"key": "cwe", "hash": "92c16862fafe4d9eb26185434339836e"}, {"key": "description", "hash": "95669953499c0eb40b242611dfbe75d4"}, {"key": "extraReferences", "hash": "4847e3110691b6a6a4c7664c0f127f70"}, {"key": "href", "hash": "9258b012e591cc93a7c6b0cd1b5c6b05"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "3c75b36a7f1966a251dbe6148b866f97"}, {"key": "published", "hash": "1162e82aa1c980ee7ebee4af4c99369c"}, {"key": "references", "hash": "54b0c94164bf625d039c58f14cd4c116"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "5db042f8057f3f288fe9cd4213121eb2"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "f34f5d089606f7d870ccc28642bf61f774619d905673726848fc15f3a6590575", "viewCount": 25, "enchantments": {"dependencies": {"references": [], "modified": "2021-04-21T20:41:43", "rev": 2}, "score": {"value": 2.4, "vector": "NONE", "modified": "2021-04-21T20:41:43", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "getfiregpg:firegpg", "name": "getfiregpg firegpg", "operator": "lt", "version": "0.6"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cpe23": [], "cwe": ["CWE-312"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:getfiregpg:firegpg:0.6:*:*:*:*:firefox:*:*", "cpe_name": [], "versionEndExcluding": "0.6", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://security-tracker.debian.org/tracker/CVE-2008-7272", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2008-7272"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:20757?utm_source=securityvulns&utm_medium=redirect"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386", "refsource": "MISC", "tags": ["Third Party Advisory", "Issue Tracking"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514386"}], "immutableFields": []}, {"id": "CVE-2015-9286", "bulletinFamily": "NVD", "title": "CVE-2015-9286", "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "published": "2019-04-30T14:29:00", "modified": "2019-05-01T14:22:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "reporter": "cve@mitre.org", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "cvelist": ["CVE-2015-9286"], "type": "cve", "lastseen": "2021-04-22T23:51:50", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 6, "enchantments": {"dependencies": {"modified": "2021-02-02T06:21:32", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2021-02-02T06:21:32", "rev": 2, "value": 1.4, "vector": "NONE"}}, "extraReferences": [{"name": "https://github.com/NodeBB/NodeBB/pull/3371", "refsource": "MISC", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/NodeBB/NodeBB/pull/3371"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"}, {"name": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "refsource": "MISC", "tags": ["Third Party Advisory", "Release Notes"], "url": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529"}, {"name": "https://www.vulnerability-lab.com/get_content.php?id=1608", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.vulnerability-lab.com/get_content.php?id=1608"}], "hash": "e0413d958386f6534538918bca2249dcc4f383174e07b3bfd828fd87bab2fae7", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "db8254901fea804d4d910fc508c1be32", "key": "extraReferences"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "immutableFields": [], "lastseen": "2021-02-02T06:21:32", "modified": "2019-05-01T14:22:00", "objectVersion": "1.5", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 10}, "different_elements": ["cpeConfiguration"], "edition": 6, "lastseen": "2021-02-02T06:21:32"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-09-21T14:09:33", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-09-21T14:09:33", "rev": 2, "value": 1.4, "vector": "NONE"}}, "hash": "e856f7b9491cefcc50723678fc0433f12f7c6ae1abe16d206957fd00f74aa6e1", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-09-21T14:09:33", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 4}, "differentElements": ["cpeConfiguration"], "edition": 2, "lastseen": "2020-09-21T14:09:33"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 5, "enchantments": {"dependencies": {"modified": "2020-12-09T20:03:10", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-12-09T20:03:10", "rev": 2, "value": 1.4, "vector": "NONE"}}, "extraReferences": [], "hash": "48b94d9acf0e692c61f3d939f819f0ddba91180b8a5c7286e7edbacc4207d0ed", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-12-09T20:03:10", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 6}, "differentElements": ["extraReferences"], "edition": 5, "lastseen": "2020-12-09T20:03:10"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "*"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-11-30T00:13:43", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-11-30T00:13:43", "rev": 2, "value": 1.4, "vector": "NONE"}}, "hash": "6fe52c24d63e23f00822e673ee4063d867fb4719b46c47ea85a6bfe1400fe129", "hashmap": [{"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "71d5df73a226d76c990527e0ca95c8d8", "key": "affectedSoftware"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-11-30T00:13:43", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 5}, "differentElements": ["affectedSoftware"], "edition": 4, "lastseen": "2020-11-30T00:13:43"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "bulletinFamily": "NVD", "cpe": [], "cpe23": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2015-9286"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cwe": ["CWE-79"], "description": "Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.", "edition": 3, "enchantments": {"dependencies": {"modified": "2020-10-03T12:49:59", "references": [{"idList": ["SECURITYVULNS:DOC:32625"], "type": "securityvulns"}, {"idList": ["GHSA-72FV-QGJ6-2W2P"], "type": "github"}], "rev": 2}, "score": {"modified": "2020-10-03T12:49:59", "rev": 2, "value": 1.4, "vector": "NONE"}}, "hash": "a933ff7201764471adcb8ac53cabee44c82a081f537a97f7fcd01cbed62795ec", "hashmap": [{"hash": "cabb6b89504f33d4cae5fb66665d6372", "key": "affectedSoftware"}, {"hash": "f9048d548aea2a33f8c8fe44e8c9817c", "key": "cvss3"}, {"hash": "4d53af7f522025f16113d72d1dd86a79", "key": "published"}, {"hash": "0ac6deaa5a07331e3db4762cb458fde6", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "7bcda725e0fe4634bd741d18870efc86", "key": "description"}, {"hash": "4419eb17de947d4d6b67ac07ed8d9064", "key": "cvss2"}, {"hash": "8e5a048329755897094215f117301c63", "key": "modified"}, {"hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295", "key": "cvelist"}, {"hash": "dac3bc07a427ceea0c7680630fcafbdf", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "6e87bbaab34c901324df8e163b451120", "key": "title"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "587727297bf29a06aaafbf1f31d41b9a", "key": "cpeConfiguration"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9286", "id": "CVE-2015-9286", "lastseen": "2020-10-03T12:49:59", "modified": "2019-05-01T14:22:00", "objectVersion": "1.3", "published": "2019-04-30T14:29:00", "references": ["https://github.com/NodeBB/NodeBB/pull/3371", "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "https://www.vulnerability-lab.com/get_content.php?id=1608", "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"], "reporter": "cve@mitre.org", "title": "CVE-2015-9286", "type": "cve", "viewCount": 5}, "differentElements": ["affectedSoftware"], "edition": 3, "lastseen": "2020-10-03T12:49:59"}], "edition": 7, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "cabb6b89504f33d4cae5fb66665d6372"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpeConfiguration", "hash": "f9e1afb4d3a36011638be68c9582e6b5"}, {"key": "cvelist", "hash": "f964d0f7ddcfa3fb2eb8853d2a1e7295"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "cvss2", "hash": "4419eb17de947d4d6b67ac07ed8d9064"}, {"key": "cvss3", "hash": "f9048d548aea2a33f8c8fe44e8c9817c"}, {"key": "cwe", "hash": "34e69e045b64924bccf865d56b6918a2"}, {"key": "description", "hash": "7bcda725e0fe4634bd741d18870efc86"}, {"key": "extraReferences", "hash": "db8254901fea804d4d910fc508c1be32"}, {"key": "href", "hash": "0ac6deaa5a07331e3db4762cb458fde6"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "8e5a048329755897094215f117301c63"}, {"key": "published", "hash": "4d53af7f522025f16113d72d1dd86a79"}, {"key": "references", "hash": "dac3bc07a427ceea0c7680630fcafbdf"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "6e87bbaab34c901324df8e163b451120"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "6e9080b6a871ad58f0d05298373de4fe9c9158a2d86ff7f1a34e720d353d3e7b", "viewCount": 14, "enchantments": {"dependencies": {"references": [{"type": "github", "idList": ["GHSA-72FV-QGJ6-2W2P"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32625"]}], "modified": "2021-04-22T23:51:50", "rev": 2}, "score": {"value": 1.4, "vector": "NONE", "modified": "2021-04-22T23:51:50", "rev": 2}}, "objectVersion": "1.5", "cpe": [], "affectedSoftware": [{"cpeName": "nodebb:nodebb", "name": "nodebb", "operator": "lt", "version": "0.7.3"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cpe23": [], "cwe": ["CWE-79"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:nodebb:nodebb:0.7.3:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "0.7.3", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "https://github.com/NodeBB/NodeBB/pull/3371", "refsource": "MISC", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/NodeBB/NodeBB/pull/3371"}, {"name": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32625"}, {"name": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529", "refsource": "MISC", "tags": ["Third Party Advisory", "Release Notes"], "url": "https://github.com/NodeBB/NodeBB/compare/56b79a9...4de7529"}, {"name": "https://www.vulnerability-lab.com/get_content.php?id=1608", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.vulnerability-lab.com/get_content.php?id=1608"}], "immutableFields": []}, {"id": "CVE-2018-10534", "bulletinFamily": "NVD", "title": "CVE-2018-10534", "description": "The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.", "published": "2018-04-29T15:29:00", "modified": "2019-08-03T13:15:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10534", "reporter": "cve@mitre.org", "references": ["https://access.redhat.com/errata/RHSA-2018:3032", "https://access.redhat.com/errata/RHBA-2019:0327", "http://www.securityfocus.com/bid/104025", "https://usn.ubuntu.com/4336-1/", "https://sourceware.org/bugzilla/show_bug.cgi?id=23110", "https://security.gentoo.org/glsa/201908-01"], "cvelist": ["CVE-2018-10534"], "type": "cve", "lastseen": "2021-04-23T00:24:12", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "redhat:enterprise_linux_desktop", "name": "redhat enterprise linux desktop", "operator": "eq", "version": "7.0"}, {"cpeName": "gnu:binutils", "name": "gnu binutils", "operator": "eq", "version": "2.30"}, {"cpeName": "redhat:enterprise_linux_workstation", "name": "redhat enterprise linux workstation", "operator": "eq", "version": "7.0"}, {"cpeName": "redhat:enterprise_linux_server", "name": "redhat enterprise linux server", "operator": "eq", "version": "7.0"}], "bulletinFamily": "NVD", "cpe": ["cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/a:gnu:binutils:2.30"], "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:binutils:2.30:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:gnu:binutils:2.30:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2018-10534"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "cwe": ["CWE-787"], "description": "The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.", "edition": 6, "enchantments": {"dependencies": {"modified": "2021-02-02T06:52:23", "references": [{"idList": ["CFOUNDRY:E28868CF5495F6C7D71AC5B00564832A"], "type": "cloudfoundry"}, {"idList": ["USN-4336-1"], "type": "ubuntu"}, {"idList": ["GLSA-201908-01"], "type": "gentoo"}, {"idList": ["OPENVAS:1361412562311220191019", "OPENVAS:1361412562311220181426", "OPENVAS:1361412562311220191219", "OPENVAS:1361412562310844401", "OPENVAS:1361412562310851941", "OPENVAS:1361412562311220191377", "OPENVAS:1361412562310852051", "OPENVAS:1361412562311220181400"], "type": "openvas"}, {"idList": ["ELSA-2018-3032"], "type": "oraclelinux"}, {"idList": ["RHSA-2018:3032"], "type": "redhat"}, {"idList": ["CESA-2018:3032"], "type": "centos"}, {"idList": ["OPENSUSE-SU-2018:3223-1", "OPENSUSE-SU-2018:3323-1"], "type": "suse"}, {"idList": ["PHOTONOS_PHSA-2018-2_0-0080_BINUTILS.NASL", "EULEROS_SA-2019-1219.NASL", "PHOTONOS_PHSA-2018-1_0-0171_BINUTILS.NASL", "PHOTONOS_PHSA-2018-1_0-0171.NASL", "EULEROS_SA-2018-1426.NASL", "EULEROS_SA-2019-1019.NASL", "CENTOS_RHSA-2018-3032.NASL", "EULEROS_SA-2019-1377.NASL", "EULEROS_SA-2018-1400.NASL", "PHOTONOS_PHSA-2018-2_0-0080.NASL"], "type": "nessus"}], "rev": 2}, "score": {"modified": "2021-02-02T06:52:23", "rev": 2, "value": 5.4, "vector": "NONE"}}, "extraReferences": [{"name": "GLSA-201908-01", "refsource": "GENTOO", "tags": [], "url": "https://security.gentoo.org/glsa/201908-01"}, {"name": "104025", "refsource": "BID", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104025"}, {"name": "RHSA-2018:3032", "refsource": "REDHAT", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:3032"}, {"name": "USN-4336-1", "refsource": "UBUNTU", "tags": [], "url": "https://usn.ubuntu.com/4336-1/"}, {"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=23110", "refsource": "MISC", "tags": ["Third Party Advisory", "Issue Tracking"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23110"}, {"name": "RHBA-2019:0327", "refsource": "REDHAT", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHBA-2019:0327"}], "hash": "21026092761ff8b78db1050c46a58d48c0be8f4557ebe7360e727d82b922b6e3", "hashmap": [{"hash": "741b18e744e3f37108cd8c3f4a1c6ef7", "key": "cvss"}, {"hash": "99beb31cec32551e39850d473b9b1adb", "key": "cvss3"}, {"hash": "3879ca219fb5c5a534cb9d616e7a20b8", "key": "title"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "eebbe84821fd93af4292319dec8df826", "key": "description"}, {"hash": "430b60087e0f212fe1e01ae7e376eb68", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "a04855e15b122a23b74428539bc943bf", "key": "affectedSoftware"}, {"hash": "a8c9f6c4c74d9fbee97396f3560b762e", "key": "cpe23"}, {"hash": "00d477ddcdc0530e7a62d97b53839913", "key": "cvelist"}, {"hash": "661a69d232e07fc7aadb258325e71df8", "key": "cwe"}, {"hash": "72fc664cfee98613fc7f044a3ef1fc28", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "7e8609a0f91f8818169d221445076197", "key": "references"}, {"hash": "ae3bd3c566d749050e8148251738167c", "key": "cpeConfiguration"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "94ee2d89cdbcd0ef589b8e95d6e29f12", "key": "modified"}, {"hash": "69406dc5ec99992fdaebf6bca6e78ebd", "key": "extraReferences"}, {"hash": "079ef60d2462ddcacc921d2526f2c935", "key": "published"}, {"hash": "9774a97785c6561b193cd00198cb4751", "key": "cvss2"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10534", "id": "CVE-2018-10534", "immutableFields": [], "lastseen": "2021-02-02T06:52:23", "modified": "2019-08-03T13:15:00", "objectVersion": "1.5", "published": "2018-04-29T15:29:00", "references": ["https://access.redhat.com/errata/RHSA-2018:3032", "https://access.redhat.com/errata/RHBA-2019:0327", "http://www.securityfocus.com/bid/104025", "https://usn.ubuntu.com/4336-1/", "https://sourceware.org/bugzilla/show_bug.cgi?id=23110", "https://security.gentoo.org/glsa/201908-01"], "reporter": "cve@mitre.org", "title": "CVE-2018-10534", "type": "cve", "viewCount": 76}, "different_elements": ["cpeConfiguration"], "edition": 6, "lastseen": "2021-02-02T06:52:23"}, {"bulletin": {"affectedSoftware": [{"name": "redhat enterprise_linux_desktop", "operator": "eq", "version": "7.0"}, {"name": "gnu binutils", "operator": "eq", "version": "2.30"}, {"name": "redhat enterprise_linux_workstation", "operator": "eq", "version": "7.0"}, {"name": "redhat enterprise_linux_server", "operator": "eq", "version": "7.0"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:redhat:enterprise_linux_server:7.0", "cpe:/a:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/a:gnu:binutils:2.30"], "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:binutils:2.30:*:*:*:*:*:*:*"], "cvelist": ["CVE-2018-10534"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "cwe": ["CWE-787"], "description": "The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.", "edition": 2, "enchantments": {"dependencies": {"modified": "2019-08-04T11:12:28", "references": [{"idList": ["USN-4336-1"], "type": "ubuntu"}, {"idList": ["OPENVAS:1361412562311220191019", "OPENVAS:1361412562311220181426", "OPENVAS:1361412562311220191219", "OPENVAS:1361412562310851941", "OPENVAS:1361412562311220191377", "OPENVAS:1361412562310852051", "OPENVAS:1361412562311220181400"], "type": "openvas"}, {"idList": ["GLSA-201908-01"], "type": "gentoo"}, {"idList": ["ELSA-2018-3032"], "type": "oraclelinux"}, {"idList": ["RHSA-2018:3032"], "type": "redhat"}, {"idList": ["CESA-2018:3032"], "type": "centos"}, {"idList": ["OPENSUSE-SU-2018:3223-1", "OPENSUSE-SU-2018:3323-1"], "type": "suse"}, {"idList": ["SL_20181030_BINUTILS_ON_SL7_X.NASL", "PHOTONOS_PHSA-2018-2_0-0080_BINUTILS.NASL", "EULEROS_SA-2019-1219.NASL", "PHOTONOS_PHSA-2018-1_0-0171_BINUTILS.NASL", "PHOTONOS_PHSA-2018-1_0-0171.NASL", "EULEROS_SA-2018-1426.NASL", "CENTOS_RHSA-2018-3032.NASL", "NEWSTART_CGSL_NS-SA-2019-0060_BINUTILS.NASL", "EULEROS_SA-2018-1400.NASL", "PHOTONOS_PHSA-2018-2_0-0080.NASL"], "type": "nessus"}], "rev": 2}, "score": {"modified": "2019-08-04T11:12:28", "rev": 2, "value": 5.3, "vector": "NONE"}}, "hash": "41a1f3f1a0d19844de0d82703ecaa18ab5e68edb57c3f75585258089604db8c6", "hashmap": [{"hash": "741b18e744e3f37108cd8c3f4a1c6ef7", "key": "cvss"}, {"hash": "99beb31cec32551e39850d473b9b1adb", "key": "cvss3"}, {"hash": "3879ca219fb5c5a534cb9d616e7a20b8", "key": "title"}, {"hash": "eebbe84821fd93af4292319dec8df826", "key": "description"}, {"hash": "430b60087e0f212fe1e01ae7e376eb68", "key": "href"}, {"hash": "a8c9f6c4c74d9fbee97396f3560b762e", "key": "cpe23"}, {"hash": "00d477ddcdc0530e7a62d97b53839913", "key": "cvelist"}, {"hash": "661a69d232e07fc7aadb258325e71df8", "key": "cwe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6bc2436f802d6ed8a96767ddd7ef38cb", "key": "affectedSoftware"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "94ee2d89cdbcd0ef589b8e95d6e29f12", "key": "modified"}, {"hash": "079ef60d2462ddcacc921d2526f2c935", "key": "published"}, {"hash": "9774a97785c6561b193cd00198cb4751", "key": "cvss2"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "c21661fdfc9c657b55c0abb26e481779", "key": "cpe"}, {"hash": "7fa2f22b1e2cb8b62b2f4eac90714ee8", "key": "references"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10534", "id": "CVE-2018-10534", "lastseen": "2019-08-04T11:12:28", "modified": "2019-08-03T13:15:00", "objectVersion": "1.3", "published": "2018-04-29T15:29:00", "references": ["https://access.redhat.com/errata/RHSA-2018:3032", "https://access.redhat.com/errata/RHBA-2019:0327", "http://www.securityfocus.com/bid/104025", "https://sourceware.org/bugzilla/show_bug.cgi?id=23110", "https://security.gentoo.org/glsa/201908-01"], "reporter": "cve@mitre.org", "title": "CVE-2018-10534", "type": "cve", "viewCount": 72}, "differentElements": ["references"], "edition": 2, "lastseen": "2019-08-04T11:12:28"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "redhat:enterprise_linux_desktop", "name": "redhat enterprise linux desktop", "operator": "eq", "version": "7.0"}, {"cpeName": "gnu:binutils", "name": "gnu binutils", "operator": "eq", "version": "2.30"}, {"cpeName": "redhat:enterprise_linux_workstation", "name": "redhat enterprise linux workstation", "operator": "eq", "version": "7.0"}, {"cpeName": "redhat:enterprise_linux_server", "name": "redhat enterprise linux server", "operator": "eq", "version": "7.0"}], "bulletinFamily": "NVD", "cpe": ["cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/a:gnu:binutils:2.30"], "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:binutils:2.30:*:*:*:*:*:*:*"], "cpeConfiguration": {}, "cvelist": ["CVE-2018-10534"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "cwe": ["CWE-787"], "description": "The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-09-21T14:28:55", "references": [{"idList": ["CFOUNDRY:E28868CF5495F6C7D71AC5B00564832A"], "type": "cloudfoundry"}, {"idList": ["USN-4336-1"], "type": "ubuntu"}, {"idList": ["GLSA-201908-01"], "type": "gentoo"}, {"idList": ["OPENVAS:1361412562311220191019", "OPENVAS:1361412562311220181426", "OPENVAS:1361412562311220191219", "OPENVAS:1361412562310844401", "OPENVAS:1361412562310851941", "OPENVAS:1361412562311220191377", "OPENVAS:1361412562310852051", "OPENVAS:1361412562311220181400"], "type": "openvas"}, {"idList": ["ELSA-2018-3032"], "type": "oraclelinux"}, {"idList": ["RHSA-2018:3032"], "type": "redhat"}, {"idList": ["CESA-2018:3032"], "type": "centos"}, {"idList": ["OPENSUSE-SU-2018:3223-1", "OPENSUSE-SU-2018:3323-1"], "type": "suse"}, {"idList": ["SL_20181030_BINUTILS_ON_SL7_X.NASL", "PHOTONOS_PHSA-2018-2_0-0080_BINUTILS.NASL", "EULEROS_SA-2019-1219.NASL", "PHOTONOS_PHSA-2018-1_0-0171_BINUTILS.NASL", "PHOTONOS_PHSA-2018-1_0-0171.NASL", "EULEROS_SA-2018-1426.NASL", "NEWSTART_CGSL_NS-SA-2019-0060_BINUTILS.NASL", "EULEROS_SA-2019-1377.NASL", "EULEROS_SA-2018-1400.NASL", "PHOTONOS_PHSA-2018-2_0-0080.NASL"], "type": "nessus"}], "rev": 2}, "score": {"modified": "2020-09-21T14:28:55", "rev": 2, "value": 5.4, "vector": "NONE"}}, "hash": "f050f4f650f760d84c1994e533e118fb14c528083ff26dfa04b7775b6d975852", "hashmap": [{"hash": "741b18e744e3f37108cd8c3f4a1c6ef7", "key": "cvss"}, {"hash": "99beb31cec32551e39850d473b9b1adb", "key": "cvss3"}, {"hash": "3879ca219fb5c5a534cb9d616e7a20b8", "key": "title"}, {"hash": "eebbe84821fd93af4292319dec8df826", "key": "description"}, {"hash": "430b60087e0f212fe1e01ae7e376eb68", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "a04855e15b122a23b74428539bc943bf", "key": "affectedSoftware"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "a8c9f6c4c74d9fbee97396f3560b762e", "key": "cpe23"}, {"hash": "00d477ddcdc0530e7a62d97b53839913", "key": "cvelist"}, {"hash": "661a69d232e07fc7aadb258325e71df8", "key": "cwe"}, {"hash": "72fc664cfee98613fc7f044a3ef1fc28", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "7e8609a0f91f8818169d221445076197", "key": "references"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "94ee2d89cdbcd0ef589b8e95d6e29f12", "key": "modified"}, {"hash": "079ef60d2462ddcacc921d2526f2c935", "key": "published"}, {"hash": "9774a97785c6561b193cd00198cb4751", "key": "cvss2"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10534", "id": "CVE-2018-10534", "lastseen": "2020-09-21T14:28:55", "modified": "2019-08-03T13:15:00", "objectVersion": "1.3", "published": "2018-04-29T15:29:00", "references": ["https://access.redhat.com/errata/RHSA-2018:3032", "https://access.redhat.com/errata/RHBA-2019:0327", "http://www.securityfocus.com/bid/104025", "https://usn.ubuntu.com/4336-1/", "https://sourceware.org/bugzilla/show_bug.cgi?id=23110", "https://security.gentoo.org/glsa/201908-01"], "reporter": "cve@mitre.org", "title": "CVE-2018-10534", "type": "cve", "viewCount": 74}, "differentElements": ["cpeConfiguration"], "edition": 4, "lastseen": "2020-09-21T14:28:55"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "redhat:enterprise_linux_desktop", "name": "redhat enterprise linux desktop", "operator": "eq", "version": "7.0"}, {"cpeName": "gnu:binutils", "name": "gnu binutils", "operator": "eq", "version": "2.30"}, {"cpeName": "redhat:enterprise_linux_workstation", "name": "redhat enterprise linux workstation", "operator": "eq", "version": "7.0"}, {"cpeName": "redhat:enterprise_linux_server", "name": "redhat enterprise linux server", "operator": "eq", "version": "7.0"}], "bulletinFamily": "NVD", "cpe": ["cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/a:gnu:binutils:2.30"], "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:binutils:2.30:*:*:*:*:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:gnu:binutils:2.30:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2018-10534"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "cwe": ["CWE-787"], "description": "The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.", "edition": 5, "enchantments": {"dependencies": {"modified": "2020-10-03T13:20:08", "references": [{"idList": ["CFOUNDRY:E28868CF5495F6C7D71AC5B00564832A"], "type": "cloudfoundry"}, {"idList": ["USN-4336-1"], "type": "ubuntu"}, {"idList": ["GLSA-201908-01"], "type": "gentoo"}, {"idList": ["OPENVAS:1361412562311220191019", "OPENVAS:1361412562311220181426", "OPENVAS:1361412562311220191219", "OPENVAS:1361412562310844401", "OPENVAS:1361412562310851941", "OPENVAS:1361412562311220191377", "OPENVAS:1361412562310852051", "OPENVAS:1361412562311220181400"], "type": "openvas"}, {"idList": ["ELSA-2018-3032"], "type": "oraclelinux"}, {"idList": ["RHSA-2018:3032"], "type": "redhat"}, {"idList": ["CESA-2018:3032"], "type": "centos"}, {"idList": ["OPENSUSE-SU-2018:3223-1", "OPENSUSE-SU-2018:3323-1"], "type": "suse"}, {"idList": ["PHOTONOS_PHSA-2018-2_0-0080_BINUTILS.NASL", "EULEROS_SA-2019-1219.NASL", "PHOTONOS_PHSA-2018-1_0-0171_BINUTILS.NASL", "PHOTONOS_PHSA-2018-1_0-0171.NASL", "EULEROS_SA-2018-1426.NASL", "EULEROS_SA-2019-1019.NASL", "CENTOS_RHSA-2018-3032.NASL", "EULEROS_SA-2019-1377.NASL", "EULEROS_SA-2018-1400.NASL", "PHOTONOS_PHSA-2018-2_0-0080.NASL"], "type": "nessus"}], "rev": 2}, "score": {"modified": "2020-10-03T13:20:08", "rev": 2, "value": 5.4, "vector": "NONE"}}, "extraReferences": [], "hash": "3998029cd68dd8d9d2a1a829ed80ada4ae82346760e70bda6d604e9371482508", "hashmap": [{"hash": "741b18e744e3f37108cd8c3f4a1c6ef7", "key": "cvss"}, {"hash": "99beb31cec32551e39850d473b9b1adb", "key": "cvss3"}, {"hash": "3879ca219fb5c5a534cb9d616e7a20b8", "key": "title"}, {"hash": "eebbe84821fd93af4292319dec8df826", "key": "description"}, {"hash": "430b60087e0f212fe1e01ae7e376eb68", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "a04855e15b122a23b74428539bc943bf", "key": "affectedSoftware"}, {"hash": "a8c9f6c4c74d9fbee97396f3560b762e", "key": "cpe23"}, {"hash": "00d477ddcdc0530e7a62d97b53839913", "key": "cvelist"}, {"hash": "661a69d232e07fc7aadb258325e71df8", "key": "cwe"}, {"hash": "72fc664cfee98613fc7f044a3ef1fc28", "key": "cpe"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "7e8609a0f91f8818169d221445076197", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "ae3bd3c566d749050e8148251738167c", "key": "cpeConfiguration"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "94ee2d89cdbcd0ef589b8e95d6e29f12", "key": "modified"}, {"hash": "079ef60d2462ddcacc921d2526f2c935", "key": "published"}, {"hash": "9774a97785c6561b193cd00198cb4751", "key": "cvss2"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10534", "id": "CVE-2018-10534", "lastseen": "2020-10-03T13:20:08", "modified": "2019-08-03T13:15:00", "objectVersion": "1.3", "published": "2018-04-29T15:29:00", "references": ["https://access.redhat.com/errata/RHSA-2018:3032", "https://access.redhat.com/errata/RHBA-2019:0327", "http://www.securityfocus.com/bid/104025", "https://usn.ubuntu.com/4336-1/", "https://sourceware.org/bugzilla/show_bug.cgi?id=23110", "https://security.gentoo.org/glsa/201908-01"], "reporter": "cve@mitre.org", "title": "CVE-2018-10534", "type": "cve", "viewCount": 75}, "differentElements": ["extraReferences"], "edition": 5, "lastseen": "2020-10-03T13:20:08"}, {"bulletin": {"affectedSoftware": [{"name": "redhat enterprise_linux_desktop", "operator": "eq", "version": "7.0"}, {"name": "gnu binutils", "operator": "eq", "version": "2.30"}, {"name": "redhat enterprise_linux_workstation", "operator": "eq", "version": "7.0"}, {"name": "redhat enterprise_linux_server", "operator": "eq", "version": "7.0"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:redhat:enterprise_linux_server:7.0", "cpe:/a:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/a:redhat:enterprise_linux_desktop:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/a:gnu:binutils:2.30"], "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:binutils:2.30:*:*:*:*:*:*:*"], "cvelist": ["CVE-2018-10534"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "cwe": ["CWE-787"], "description": "The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, processes a negative Data Directory size with an unbounded loop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so that the address exceeds its own memory region, resulting in an out-of-bounds memory write, as demonstrated by objcopy copying private info with _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.", "edition": 1, "enchantments": {"dependencies": {"modified": "2019-05-29T18:19:41", "references": [{"idList": ["OPENVAS:1361412562310851941", "OPENVAS:1361412562310852051"], "type": "openvas"}, {"idList": ["GLSA-201908-01"], "type": "gentoo"}, {"idList": ["ELSA-2018-3032"], "type": "oraclelinux"}, {"idList": ["RHSA-2018:3032"], "type": "redhat"}, {"idList": ["CESA-2018:3032"], "type": "centos"}, {"idList": ["OPENSUSE-SU-2018:3223-1", "OPENSUSE-SU-2018:3323-1"], "type": "suse"}, {"idList": ["SL_20181030_BINUTILS_ON_SL7_X.NASL", "PHOTONOS_PHSA-2018-2_0-0080_BINUTILS.NASL", "PHOTONOS_PHSA-2018-1_0-0171_BINUTILS.NASL", "PHOTONOS_PHSA-2018-1_0-0171.NASL", "EULEROS_SA-2018-1426.NASL", "EULEROS_SA-2019-1019.NASL", "CENTOS_RHSA-2018-3032.NASL", "EULEROS_SA-2018-1400.NASL", "ORACLELINUX_ELSA-2018-3032.NASL", "PHOTONOS_PHSA-2018-2_0-0080.NASL"], "type": "nessus"}]}, "score": {"modified": "2019-05-29T18:19:41", "value": 5.1, "vector": "NONE"}}, "hash": "306b95663c407c09257bf1e236ca9619a1e591c866159f13cfb81eb926474974", "hashmap": [{"hash": "741b18e744e3f37108cd8c3f4a1c6ef7", "key": "cvss"}, {"hash": "99beb31cec32551e39850d473b9b1adb", "key": "cvss3"}, {"hash": "3879ca219fb5c5a534cb9d616e7a20b8", "key": "title"}, {"hash": "eebbe84821fd93af4292319dec8df826", "key": "description"}, {"hash": "430b60087e0f212fe1e01ae7e376eb68", "key": "href"}, {"hash": "4b32e21838d7b8fc00b15a3a018edc8a", "key": "references"}, {"hash": "a8c9f6c4c74d9fbee97396f3560b762e", "key": "cpe23"}, {"hash": "00d477ddcdc0530e7a62d97b53839913", "key": "cvelist"}, {"hash": "661a69d232e07fc7aadb258325e71df8", "key": "cwe"}, {"hash": "085289d3c335eb4e55d9b50dc3dbddd6", "key": "modified"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "6bc2436f802d6ed8a96767ddd7ef38cb", "key": "affectedSoftware"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "079ef60d2462ddcacc921d2526f2c935", "key": "published"}, {"hash": "9774a97785c6561b193cd00198cb4751", "key": "cvss2"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "c21661fdfc9c657b55c0abb26e481779", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10534", "id": "CVE-2018-10534", "lastseen": "2019-05-29T18:19:41", "modified": "2019-04-25T18:37:00", "objectVersion": "1.3", "published": "2018-04-29T15:29:00", "references": ["https://access.redhat.com/errata/RHSA-2018:3032", "https://access.redhat.com/errata/RHBA-2019:0327", "http://www.securityfocus.com/bid/104025", "https://sourceware.org/bugzilla/show_bug.cgi?id=23110"], "reporter": "cve@mitre.org", "title": "CVE-2018-10534", "type": "cve", "viewCount": 22}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2019-05-29T18:19:41"}], "edition": 7, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "a04855e15b122a23b74428539bc943bf"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "72fc664cfee98613fc7f044a3ef1fc28"}, {"key": "cpe23", "hash": "a8c9f6c4c74d9fbee97396f3560b762e"}, {"key": "cpeConfiguration", "hash": "89e502d4c00e6145f1b10ba57e2aa2a9"}, {"key": "cvelist", "hash": "00d477ddcdc0530e7a62d97b53839913"}, {"key": "cvss", "hash": "741b18e744e3f37108cd8c3f4a1c6ef7"}, {"key": "cvss2", "hash": "9774a97785c6561b193cd00198cb4751"}, {"key": "cvss3", "hash": "99beb31cec32551e39850d473b9b1adb"}, {"key": "cwe", "hash": "661a69d232e07fc7aadb258325e71df8"}, {"key": "description", "hash": "eebbe84821fd93af4292319dec8df826"}, {"key": "extraReferences", "hash": "69406dc5ec99992fdaebf6bca6e78ebd"}, {"key": "href", "hash": "430b60087e0f212fe1e01ae7e376eb68"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "94ee2d89cdbcd0ef589b8e95d6e29f12"}, {"key": "published", "hash": "079ef60d2462ddcacc921d2526f2c935"}, {"key": "references", "hash": "7e8609a0f91f8818169d221445076197"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "3879ca219fb5c5a534cb9d616e7a20b8"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "736c795291dcc552351dbe77d9632d77a1623c7fdd4f6aaa8350dc1eb5a9807f", "viewCount": 91, "enchantments": {"dependencies": {"references": [{"type": "ubuntucve", "idList": ["UB:CVE-2018-10534"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-10534"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-201908-01.NASL", "PHOTONOS_PHSA-2018-2_0-0080.NASL", "UBUNTU_USN-4336-1.NASL", "ORACLELINUX_ELSA-2018-3032.NASL", "EULEROS_SA-2019-1019.NASL", "OPENSUSE-2018-1198.NASL", "OPENSUSE-2019-808.NASL", "PHOTONOS_PHSA-2018-1_0-0171_BINUTILS.NASL", "REDHAT-RHSA-2018-3032.NASL", "EULEROS_SA-2018-1400.NASL", "EULEROS_SA-2019-1219.NASL", "SUSE_SU-2018-3207-1.NASL", "SL_20181030_BINUTILS_ON_SL7_X.NASL", "CENTOS_RHSA-2018-3032.NASL", "OPENSUSE-2018-1222.NASL", "SUSE_SU-2018-3170-1.NASL", "SUSE_SU-2018-3207-2.NASL", "PHOTONOS_PHSA-2018-1_0-0171.NASL", "EULEROS_SA-2018-1426.NASL", "EULEROS_SA-2019-1377.NASL", "UBUNTU_USN-4336-2.NASL", "PHOTONOS_PHSA-2018-2_0-0080_BINUTILS.NASL", "NEWSTART_CGSL_NS-SA-2019-0060_BINUTILS.NASL", "SUSE_SU-2018-3170-2.NASL"]}, {"type": "photon", "idList": ["PHSA-2018-1.0-0171", "PHSA-2018-2.0-0080"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310851941", "OPENVAS:1361412562310852051", "OPENVAS:1361412562311220191219", "OPENVAS:1361412562311220181400", "OPENVAS:1361412562311220191019", "OPENVAS:1361412562311220191377", "OPENVAS:1361412562310844401", "OPENVAS:1361412562311220181426"]}, {"type": "redhat", "idList": ["RHSA-2018:3032"]}, {"type": "centos", "idList": ["CESA-2018:3032"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-3032"]}, {"type": "gentoo", "idList": ["GLSA-201908-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:3323-1", "OPENSUSE-SU-2018:3223-1"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:E28868CF5495F6C7D71AC5B00564832A"]}, {"type": "ubuntu", "idList": ["USN-4336-1", "USN-4336-2"]}], "modified": "2021-04-23T00:24:12", "rev": 2}, "score": {"value": 5.4, "vector": "NONE", "modified": "2021-04-23T00:24:12", "rev": 2}}, "objectVersion": "1.5", "cpe": ["cpe:/o:redhat:enterprise_linux_server:7.0", "cpe:/o:redhat:enterprise_linux_workstation:7.0", "cpe:/o:redhat:enterprise_linux_desktop:7.0", "cpe:/a:gnu:binutils:2.30"], "affectedSoftware": [{"cpeName": "redhat:enterprise_linux_desktop", "name": "redhat enterprise linux desktop", "operator": "eq", "version": "7.0"}, {"cpeName": "gnu:binutils", "name": "gnu binutils", "operator": "eq", "version": "2.30"}, {"cpeName": "redhat:enterprise_linux_workstation", "name": "redhat enterprise linux workstation", "operator": "eq", "version": "7.0"}, {"cpeName": "redhat:enterprise_linux_server", "name": "redhat enterprise linux server", "operator": "eq", "version": "7.0"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:gnu:binutils:2.30:*:*:*:*:*:*:*"], "cwe": ["CWE-787"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:gnu:binutils:2.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}, {"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "GLSA-201908-01", "refsource": "GENTOO", "tags": [], "url": "https://security.gentoo.org/glsa/201908-01"}, {"name": "104025", "refsource": "BID", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104025"}, {"name": "RHSA-2018:3032", "refsource": "REDHAT", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:3032"}, {"name": "USN-4336-1", "refsource": "UBUNTU", "tags": [], "url": "https://usn.ubuntu.com/4336-1/"}, {"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=23110", "refsource": "MISC", "tags": ["Third Party Advisory", "Issue Tracking"], "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23110"}, {"name": "RHBA-2019:0327", "refsource": "REDHAT", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHBA-2019:0327"}], "immutableFields": []}], "ubuntucve": [{"id": "UB:CVE-2018-10534", "hash": "700f0f67710861c58b09cf6ec586f7f6", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2018-10534", "description": "The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the\nBinary File Descriptor (BFD) library (aka libbfd), as distributed in GNU\nBinutils 2.30, processes a negative Data Directory size with an unbounded\nloop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so\nthat the address exceeds its own memory region, resulting in an\nout-of-bounds memory write, as demonstrated by objcopy copying private info\nwith _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.\n\n#### Bugs\n\n * <https://sourceware.org/bugzilla/show_bug.cgi?id=23110>\n", "published": "2018-04-29T00:00:00", "modified": "2018-04-29T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "href": "https://ubuntu.com/security/CVE-2018-10534", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10534", "https://ubuntu.com/security/notices/USN-4336-1", "https://ubuntu.com/security/notices/USN-4336-2", "https://nvd.nist.gov/vuln/detail/CVE-2018-10534", "https://launchpad.net/bugs/cve/CVE-2018-10534", "https://security-tracker.debian.org/tracker/CVE-2018-10534"], "cvelist": ["CVE-2018-10534"], "immutableFields": [], "lastseen": "2021-07-30T22:55:29", "history": [{"bulletin": {"id": "UB:CVE-2018-10534", "hash": "0477933cd271948ba32a31445f3a7ff6", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2018-10534", "description": "The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the\nBinary File Descriptor (BFD) library (aka libbfd), as distributed in GNU\nBinutils 2.30, processes a negative Data Directory size with an unbounded\nloop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so\nthat the address exceeds its own memory region, resulting in an\nout-of-bounds memory write, as demonstrated by objcopy copying private info\nwith _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.\n\n#### Bugs\n\n * <https://sourceware.org/bugzilla/show_bug.cgi?id=23110>\n", "published": "2018-04-29T00:00:00", "modified": "2018-04-29T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://ubuntu.com/security/CVE-2018-10534", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10534", "https://ubuntu.com/security/notices/USN-4336-1", "https://nvd.nist.gov/vuln/detail/CVE-2018-10534", "https://launchpad.net/bugs/cve/CVE-2018-10534", "https://security-tracker.debian.org/tracker/CVE-2018-10534"], "cvelist": ["CVE-2018-10534"], "immutableFields": [], "lastseen": "2021-06-30T22:13:40", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-10534"]}, {"type": "cve", "idList": ["CVE-2018-10534"]}, {"type": "nessus", "idList": ["EULEROS_SA-2018-1426.NASL", "PHOTONOS_PHSA-2018-1_0-0171_BINUTILS.NASL", "EULEROS_SA-2018-1400.NASL", "PHOTONOS_PHSA-2018-2_0-0080_BINUTILS.NASL", "EULEROS_SA-2019-1377.NASL", "PHOTONOS_PHSA-2018-1_0-0171.NASL", "EULEROS_SA-2019-1019.NASL", "CENTOS_RHSA-2018-3032.NASL", "EULEROS_SA-2019-1219.NASL", "PHOTONOS_PHSA-2018-2_0-0080.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310844401", "OPENVAS:1361412562311220181400", "OPENVAS:1361412562310851941", "OPENVAS:1361412562311220191377", "OPENVAS:1361412562311220181426", "OPENVAS:1361412562311220191019", "OPENVAS:1361412562310852051", "OPENVAS:1361412562311220191219"]}, {"type": "redhat", "idList": ["RHSA-2018:3032"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-3032"]}, {"type": "centos", "idList": ["CESA-2018:3032"]}, {"type": "gentoo", "idList": ["GLSA-201908-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:3223-1", "OPENSUSE-SU-2018:3323-1"]}, {"type": "ubuntu", "idList": ["USN-4336-1"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:E28868CF5495F6C7D71AC5B00564832A"]}], "modified": "2021-06-30T22:13:40", "rev": 2}, "score": {"value": 6.1, "vector": "NONE", "modified": "2021-06-30T22:13:40", "rev": 2}}, "objectVersion": "1.5", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "2.30.90.20180627-1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "binutils"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "2.30-21ubuntu1~18.04.3", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "binutils"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "binutils"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "binutils"}], "bugs": ["https://sourceware.org/bugzilla/show_bug.cgi?id=23110"]}, "lastseen": "2021-06-30T22:13:40", "differentElements": ["affectedPackage", "references"], "edition": 1}, {"bulletin": {"id": "UB:CVE-2018-10534", "hash": "d31684292040876fbd2cf7e6685766c1", "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2018-10534", "description": "The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the\nBinary File Descriptor (BFD) library (aka libbfd), as distributed in GNU\nBinutils 2.30, processes a negative Data Directory size with an unbounded\nloop that increases the value of (external_IMAGE_DEBUG_DIRECTORY) *edd so\nthat the address exceeds its own memory region, resulting in an\nout-of-bounds memory write, as demonstrated by objcopy copying private info\nwith _bfd_pex64_bfd_copy_private_bfd_data_common in pex64igen.c.\n\n#### Bugs\n\n * <https://sourceware.org/bugzilla/show_bug.cgi?id=23110>\n", "published": "2018-04-29T00:00:00", "modified": "2018-04-29T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://ubuntu.com/security/CVE-2018-10534", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10534", "https://ubuntu.com/security/notices/USN-4336-1", "https://ubuntu.com/security/notices/USN-4336-2", "https://nvd.nist.gov/vuln/detail/CVE-2018-10534", "https://launchpad.net/bugs/cve/CVE-2018-10534", "https://security-tracker.debian.org/tracker/CVE-2018-10534"], "cvelist": ["CVE-2018-10534"], "immutableFields": [], "lastseen": "2021-07-21T23:51:02", "history": [], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-10534"]}, {"type": "redhatcve", "idList": ["RH:CVE-2018-10534"]}, {"type": "nessus", "idList": ["EULEROS_SA-2018-1426.NASL", "EULEROS_SA-2019-1377.NASL", "PHOTONOS_PHSA-2018-2_0-0080.NASL", "NEWSTART_CGSL_NS-SA-2019-0060_BINUTILS.NASL", "EULEROS_SA-2019-1019.NASL", "EULEROS_SA-2018-1400.NASL", "PHOTONOS_PHSA-2018-1_0-0171_BINUTILS.NASL", "PHOTONOS_PHSA-2018-1_0-0171.NASL", "EULEROS_SA-2019-1219.NASL", "PHOTONOS_PHSA-2018-2_0-0080_BINUTILS.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220191377", "OPENVAS:1361412562311220191019", "OPENVAS:1361412562310852051", "OPENVAS:1361412562311220181400", "OPENVAS:1361412562310851941", "OPENVAS:1361412562311220181426", "OPENVAS:1361412562310844401", "OPENVAS:1361412562311220191219"]}, {"type": "centos", "idList": ["CESA-2018:3032"]}, {"type": "redhat", "idList": ["RHSA-2018:3032"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-3032"]}, {"type": "gentoo", "idList": ["GLSA-201908-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:3323-1", "OPENSUSE-SU-2018:3223-1"]}, {"type": "ubuntu", "idList": ["USN-4336-1", "USN-4336-2"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:E28868CF5495F6C7D71AC5B00564832A"]}], "modified": "2021-07-21T23:51:02", "rev": 2}, "score": {"value": 6.1, "vector": "NONE", "modified": "2021-07-21T23:51:02", "rev": 2}}, "objectVersion": "1.5", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "2.30.90.20180627-1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "binutils"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "2.30-21ubuntu1~18.04.3", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "binutils"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "2.26.1-1ubuntu1~16.04.8+esm1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "binutils"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "binutils"}], "bugs": ["https://sourceware.org/bugzilla/show_bug.cgi?id=23110"]}, "lastseen": "2021-07-21T23:51:02", "differentElements": ["cvss2", "cvss3"], "edition": 2}], "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2018-10534"]}, {"type": "cve", "idList": ["CVE-2018-10534"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-201908-01.NASL", "PHOTONOS_PHSA-2018-2_0-0080.NASL", "UBUNTU_USN-4336-1.NASL", "ORACLELINUX_ELSA-2018-3032.NASL", "EULEROS_SA-2019-1019.NASL", "OPENSUSE-2018-1198.NASL", "OPENSUSE-2019-808.NASL", "PHOTONOS_PHSA-2018-1_0-0171_BINUTILS.NASL", "REDHAT-RHSA-2018-3032.NASL", "EULEROS_SA-2018-1400.NASL", "EULEROS_SA-2019-1219.NASL", "SUSE_SU-2018-3207-1.NASL", "SL_20181030_BINUTILS_ON_SL7_X.NASL", "CENTOS_RHSA-2018-3032.NASL", "OPENSUSE-2018-1222.NASL", "SUSE_SU-2018-3170-1.NASL", "SUSE_SU-2018-3207-2.NASL", "PHOTONOS_PHSA-2018-1_0-0171.NASL", "EULEROS_SA-2018-1426.NASL", "EULEROS_SA-2019-1377.NASL", "UBUNTU_USN-4336-2.NASL", "PHOTONOS_PHSA-2018-2_0-0080_BINUTILS.NASL", "NEWSTART_CGSL_NS-SA-2019-0060_BINUTILS.NASL", "SUSE_SU-2018-3170-2.NASL"]}, {"type": "photon", "idList": ["PHSA-2018-1.0-0171", "PHSA-2018-2.0-0080"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310851941", "OPENVAS:1361412562310852051", "OPENVAS:1361412562311220191219", "OPENVAS:1361412562311220181400", "OPENVAS:1361412562311220191019", "OPENVAS:1361412562311220191377", "OPENVAS:1361412562310844401", "OPENVAS:1361412562311220181426"]}, {"type": "redhat", "idList": ["RHSA-2018:3032"]}, {"type": "centos", "idList": ["CESA-2018:3032"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-3032"]}, {"type": "gentoo", "idList": ["GLSA-201908-01"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:3323-1", "OPENSUSE-SU-2018:3223-1"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:E28868CF5495F6C7D71AC5B00564832A"]}, {"type": "ubuntu", "idList": ["USN-4336-1", "USN-4336-2"]}], "modified": "2021-07-30T22:55:29", "rev": 2}, "score": {"value": 6.1, "vector": "NONE", "modified": "2021-07-30T22:55:29", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "2.30.90.20180627-1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "binutils"}, {"OS": "ubuntu", "OSVersion": "18.04", "arch": "noarch", "packageVersion": "2.30-21ubuntu1~18.04.3", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "binutils"}, {"OS": "ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "2.26.1-1ubuntu1~16.04.8+esm1", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "binutils"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "binutils"}], "bugs": ["https://sourceware.org/bugzilla/show_bug.cgi?id=23110"], "_object_type": "robots.models.ubuntucve.UbuntuCVEBulletin", "_object_types": ["robots.models.ubuntucve.UbuntuCVEBulletin", "robots.models.base.Bulletin"]}], "openbugbounty": [{"published": "2018-01-02T15:30:00", "href": "https://www.openbugbounty.org/reports/481391/", "lastseen": "2018-03-14T22:59:32", "history": [{"lastseen": "2018-01-02T23:18:39", "bulletin": {"published": "2018-01-02T15:30:00", "href": "https://www.openbugbounty.org/reports/481391/", "lastseen": "2018-01-02T23:18:39", "history": [], "type": "openbugbounty", "bulletinFamily": "bugbounty", "modified": "2018-01-02T18:17:00", "enchantments": {"score": {"value": 3.5, "modified": "2018-01-02T23:18:39"}}, "id": "OBB:481391", "reporter": "Pyae_Phy0_Thu", "cvss": {"vector": "NONE", "score": 0.0}, "title": "springout.com.au XSS vulnerability", "objectVersion": "1.4", "openbugbounty": {"mirror": "", "patchStatus": "on hold"}, "cvelist": [], "references": [], "description": "On the 02.01.2018 security researcher reported a XSS vulnerability affecting the springout.com.au website via the Open Bug Bounty coordinated vulnerability disclosure program.\n\n##### Coordinated Disclosure Timeline:\n\nDescription| Value \n---|--- \nVulnerability submitted via Open Bug Bounty| 2 January, 2018 15:30 GMT \nGeneric security notifications sent to website owner| 2 January, 2018 15:33 GMT \nCustomized security notification sent to website owner| 2 January, 2018 15:33 GMT \nNotification sent to subscribers (without technical details)| 2 January, 2018 18:17 GMT \n \nIf you are the website owner or administrator please [contact the researcher](<https://www.openbugbounty.org/researchers/Pyae_Phy0_Thu/>) directly to get vulnerability details and proceed to coordinated disclosure.\n", "viewCount": 1}, "differentElements": ["description", "modified", "openbugbounty", "title"], "edition": 1}], "_object_type": "robots.models.openbugbounty.OpenbugbountyBulletin", "type": "openbugbounty", "bulletinFamily": "bugbounty", "modified": "2018-02-02T05:37:00", "enchantments": {"score": {"value": 0.0, "vector": "NONE", "modified": "2018-03-14T22:59:32", "rev": 2}, "dependencies": {"references": [], "modified": "2018-03-14T22:59:32", "rev": 2}}, "id": "OBB:481391", "reporter": "Pyae_Phy0_Thu", "_object_types": ["robots.models.base.Bulletin", "robots.models.openbugbounty.OpenbugbountyBulletin"], "cvss": {"vector": "NONE", "score": 0.0}, "title": "springout.com.au XSS vulnerability ", "objectVersion": "1.4", "openbugbounty": {"mirror": "http://481391.openbounty.org/mirror/", "patchStatus": "patched"}, "cvelist": [], "references": [], "description": "##### Open Bug Bounty ID: OBB-481391\n\nDescription| Value \n---|--- \nAffected Website:| springout.com.au \nVulnerable Application:| Custom Code \nVulnerability Type:| XSS (Cross Site Scripting) / CWE-79 \nCVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] \nDisclosure Standard:| Coordinated Disclosure based on ISO 29147 guidelines \nRemediation Guide:| OWASP XSS Prevention Cheat Sheet \n \n##### Vulnerable URL:\n \n \n https://www.springout.com.au/dbpage.php?pg=bookings%22%3E%3Csvg/onload=%26%2397%3B%26%23108%3B%26%23101%3B%26%23114%3B%26%23116%3B%26%2340%3B%26%23100%3B%26%23111%3B%26%2399%3B%26%23117%3B%26%23109%3B%26%23101%3B%26%23110%3B%26%23116%3B%26%2346%3B%26%23100%3B%26%23111%3B%26%23109%3B%26%2397%3B%26%23105%3B%26%23110%3B%26%2341%3B%3E\n \n\n##### Coordinated Disclosure Timeline\n\nDescription| Value \n---|--- \nVulnerability Reported:| 2 January, 2018 15:30 GMT \nVulnerability Verified:| 2 January, 2018 15:33 GMT \nWebsite Operator Notified:| 2 January, 2018 15:33 GMT \nVulnerability Published:| 2 January, 2018 15:33 GMT[without any technical details] \nVulnerability Fixed:| 2 February, 2018 05:37 GMT \nPublic Disclosure:| 2 February, 2018 05:37 GMT\n", "viewCount": 6}, {"published": "2018-01-02T15:28:00", "href": "https://www.openbugbounty.org/reports/481390/", "lastseen": "2018-03-14T22:59:34", "history": [{"lastseen": "2018-01-02T23:19:13", "bulletin": {"published": "2018-01-02T15:28:00", "href": "https://www.openbugbounty.org/reports/481390/", "lastseen": "2018-01-02T23:19:13", "history": [], "type": "openbugbounty", "bulletinFamily": "bugbounty", "modified": "2018-01-02T18:17:00", "enchantments": {"score": {"value": 8.5, "modified": "2018-01-02T23:19:13"}}, "id": "OBB:481390", "reporter": "Pyae_Phy0_Thu", "cvss": {"vector": "NONE", "score": 0.0}, "title": "barbershopconvention.com.au XSS vulnerability", "objectVersion": "1.4", "openbugbounty": {"mirror": "", "patchStatus": "on hold"}, "cvelist": [], "references": [], "description": "On the 02.01.2018 security researcher reported a XSS vulnerability affecting the barbershopconvention.com.au website via the Open Bug Bounty coordinated vulnerability disclosure program.\n\n##### Coordinated Disclosure Timeline:\n\nDescription| Value \n---|--- \nVulnerability submitted via Open Bug Bounty| 2 January, 2018 15:28 GMT \nGeneric security notifications sent to website owner| 2 January, 2018 15:30 GMT \nCustomized security notification sent to website owner| 2 January, 2018 15:30 GMT \nNotification sent to subscribers (without technical details)| 2 January, 2018 18:17 GMT \n \nIf you are the website owner or administrator please [contact the researcher](<https://www.openbugbounty.org/researchers/Pyae_Phy0_Thu/>) directly to get vulnerability details and proceed to coordinated disclosure.\n", "viewCount": 1}, "differentElements": ["description", "modified", "openbugbounty", "title"], "edition": 1}], "_object_type": "robots.models.openbugbounty.OpenbugbountyBulletin", "type": "openbugbounty", "bulletinFamily": "bugbounty", "modified": "2018-02-02T04:31:00", "enchantments": {"score": {"value": 0.0, "vector": "NONE", "modified": "2018-03-14T22:59:34", "rev": 2}, "dependencies": {"references": [], "modified": "2018-03-14T22:59:34", "rev": 2}}, "id": "OBB:481390", "reporter": "Pyae_Phy0_Thu", "_object_types": ["robots.models.base.Bulletin", "robots.models.openbugbounty.OpenbugbountyBulletin"], "cvss": {"vector": "NONE", "score": 0.0}, "title": "barbershopconvention.com.au XSS vulnerability ", "objectVersion": "1.4", "openbugbounty": {"mirror": "http://481390.openbounty.org/mirror/", "patchStatus": "patched"}, "cvelist": [], "references": [], "description": "##### Open Bug Bounty ID: OBB-481390\n\nDescription| Value \n---|--- \nAffected Website:| barbershopconvention.com.au \nVulnerable Application:| Custom Code \nVulnerability Type:| XSS (Cross Site Scripting) / CWE-79 \nCVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] \nDisclosure Standard:| Coordinated Disclosure based on ISO 29147 guidelines \nRemediation Guide:| OWASP XSS Prevention Cheat Sheet \n \n##### Vulnerable URL:\n \n \n https://www.barbershopconvention.com.au/dbpage.php?pg=pastconventions%22%3E%3Csvg/onload=%26%2397%3B%26%23108%3B%26%23101%3B%26%23114%3B%26%23116%3B%26%2340%3B%26%23100%3B%26%23111%3B%26%2399%3B%26%23117%3B%26%23109%3B%26%23101%3B%26%23110%3B%26%23116%3B%26%2346%3B%26%23100%3B%26%23111%3B%26%23109%3B%26%2397%3B%26%23105%3B%26%23110%3B%26%2341%3B%3E\n \n\n##### Coordinated Disclosure Timeline\n\nDescription| Value \n---|--- \nVulnerability Reported:| 2 January, 2018 15:28 GMT \nVulnerability Verified:| 2 January, 2018 15:30 GMT \nWebsite Operator Notified:| 2 January, 2018 15:30 GMT \nVulnerability Published:| 2 January, 2018 15:30 GMT[without any technical details] \nVulnerability Fixed:| 2 February, 2018 04:31 GMT \nPublic Disclosure:| 2 February, 2018 04:31 GMT\n", "viewCount": 3}, {"published": "2018-01-02T15:25:00", "href": "https://www.openbugbounty.org/reports/481389/", "lastseen": "2018-03-14T22:59:33", "history": [{"lastseen": "2018-01-02T23:20:36", "bulletin": {"published": "2018-01-02T15:25:00", "href": "https://www.openbugbounty.org/reports/481389/", "lastseen": "2018-01-02T23:20:36", "history": [], "type": "openbugbounty", "bulletinFamily": "bugbounty", "modified": "2018-01-02T18:17:00", "enchantments": {"score": {"value": 8.8, "modified": "2018-01-02T23:20:36"}}, "id": "OBB:481389", "reporter": "Pyae_Phy0_Thu", "cvss": {"vector": "NONE", "score": 0.0}, "title": "vocalescence.com XSS vulnerability", "objectVersion": "1.4", "openbugbounty": {"mirror": "", "patchStatus": "on hold"}, "cvelist": [], "references": [], "description": "On the 02.01.2018 security researcher reported a XSS vulnerability affecting the vocalescence.com website via the Open Bug Bounty coordinated vulnerability disclosure program.\n\n##### Coordinated Disclosure Timeline:\n\nDescription| Value \n---|--- \nVulnerability submitted via Open Bug Bounty| 2 January, 2018 15:25 GMT \nGeneric security notifications sent to website owner| 2 January, 2018 15:27 GMT \nCustomized security notification sent to website owner| 2 January, 2018 15:27 GMT \nNotification sent to subscribers (without technical details)| 2 January, 2018 18:17 GMT \n \nIf you are the website owner or administrator please [contact the researcher](<https://www.openbugbounty.org/researchers/Pyae_Phy0_Thu/>) directly to get vulnerability details and proceed to coordinated disclosure.\n", "viewCount": 0}, "differentElements": ["description", "modified", "openbugbounty", "title"], "edition": 1}], "_object_type": "robots.models.openbugbounty.OpenbugbountyBulletin", "type": "openbugbounty", "bulletinFamily": "bugbounty", "modified": "2018-02-02T08:28:00", "enchantments": {"score": {"value": 0.0, "vector": "NONE", "modified": "2018-03-14T22:59:33", "rev": 2}, "dependencies": {"references": [], "modified": "2018-03-14T22:59:33", "rev": 2}}, "id": "OBB:481389", "reporter": "Pyae_Phy0_Thu", "_object_types": ["robots.models.base.Bulletin", "robots.models.openbugbounty.OpenbugbountyBulletin"], "cvss": {"vector": "NONE", "score": 0.0}, "title": "vocalescence.com XSS vulnerability ", "objectVersion": "1.4", "openbugbounty": {"mirror": "http://481389.openbounty.org/mirror/", "patchStatus": "patched"}, "cvelist": [], "references": [], "description": "##### Open Bug Bounty ID: OBB-481389\n\nDescription| Value \n---|--- \nAffected Website:| vocalescence.com \nVulnerable Application:| Custom Code \nVulnerability Type:| XSS (Cross Site Scripting) / CWE-79 \nCVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] \nDisclosure Standard:| Coordinated Disclosure based on ISO 29147 guidelines \nRemediation Guide:| OWASP XSS Prevention Cheat Sheet \n \n##### Vulnerable URL:\n \n \n https://www.vocalescence.com/dbpage.php?pg=Affiliates%22%3E%3Csvg/onload=%26%2397%3B%26%23108%3B%26%23101%3B%26%23114%3B%26%23116%3B%26%2340%3B%26%23100%3B%26%23111%3B%26%2399%3B%26%23117%3B%26%23109%3B%26%23101%3B%26%23110%3B%26%23116%3B%26%2346%3B%26%23100%3B%26%23111%3B%26%23109%3B%26%2397%3B%26%23105%3B%26%23110%3B%26%2341%3B%3E\n \n\n##### Coordinated Disclosure Timeline\n\nDescription| Value \n---|--- \nVulnerability Reported:| 2 January, 2018 15:25 GMT \nVulnerability Verified:| 2 January, 2018 15:27 GMT \nWebsite Operator Notified:| 2 January, 2018 15:27 GMT \nVulnerability Published:| 2 January, 2018 15:27 GMT[without any technical details] \nVulnerability Fixed:| 2 February, 2018 08:28 GMT \nPublic Disclosure:| 2 February, 2018 08:28 GMT\n", "viewCount": 3}, {"published": "2018-01-02T15:20:00", "href": "https://www.openbugbounty.org/reports/481388/", "lastseen": "2018-03-14T22:59:36", "history": [{"lastseen": "2018-01-02T23:18:52", "bulletin": {"published": "2018-01-02T15:20:00", "href": "https://www.openbugbounty.org/reports/481388/", "lastseen": "2018-01-02T23:18:52", "history": [], "type": "openbugbounty", "bulletinFamily": "bugbounty", "modified": "2018-01-02T18:17:00", "enchantments": {"score": {"value": 3.5, "modified": "2018-01-02T23:18:52"}}, "id": "OBB:481388", "reporter": "Pyae_Phy0_Thu", "cvss": {"vector": "NONE", "score": 0.0}, "title": "umbrellaacappella.com.au XSS vulnerability", "objectVersion": "1.4", "openbugbounty": {"mirror": "", "patchStatus": "on hold"}, "cvelist": [], "references": [], "description": "On the 02.01.2018 security researcher reported a XSS vulnerability affecting the umbrellaacappella.com.au website via the Open Bug Bounty coordinated vulnerability disclosure program.\n\n##### Coordinated Disclosure Timeline:\n\nDescription| Value \n---|--- \nVulnerability submitted via Open Bug Bounty| 2 January, 2018 15:20 GMT \nGeneric security notifications sent to website owner| 2 January, 2018 15:22 GMT \nCustomized security notification sent to website owner| 2 January, 2018 15:22 GMT \nNotification sent to subscribers (without technical details)| 2 January, 2018 18:17 GMT \n \nIf you are the website owner or administrator please [contact the researcher](<https://www.openbugbounty.org/researchers/Pyae_Phy0_Thu/>) directly to get vulnerability details and proceed to coordinated disclosure.\n", "viewCount": 1}, "differentElements": ["description", "modified", "openbugbounty", "title"], "edition": 1}], "_object_type": "robots.models.openbugbounty.OpenbugbountyBulletin", "type": "openbugbounty", "bulletinFamily": "bugbounty", "modified": "2018-02-02T10:34:00", "enchantments": {"score": {"value": 0.0, "vector": "NONE", "modified": "2018-03-14T22:59:36", "rev": 2}, "dependencies": {"references": [], "modified": "2018-03-14T22:59:36", "rev": 2}}, "id": "OBB:481388", "reporter": "Pyae_Phy0_Thu", "_object_types": ["robots.models.base.Bulletin", "robots.models.openbugbounty.OpenbugbountyBulletin"], "cvss": {"vector": "NONE", "score": 0.0}, "title": "umbrellaacappella.com.au XSS vulnerability ", "objectVersion": "1.4", "openbugbounty": {"mirror": "http://481388.openbounty.org/mirror/", "patchStatus": "patched"}, "cvelist": [], "references": [], "description": "##### Open Bug Bounty ID: OBB-481388\n\nDescription| Value \n---|--- \nAffected Website:| umbrellaacappella.com.au \nVulnerable Application:| Custom Code \nVulnerability Type:| XSS (Cross Site Scripting) / CWE-79 \nCVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] \nDisclosure Standard:| Coordinated Disclosure based on ISO 29147 guidelines \nRemediation Guide:| OWASP XSS Prevention Cheat Sheet \n \n##### Vulnerable URL:\n \n \n https://www.umbrellaacappella.com.au/dbpage.php?pg=contact%22%3E%3Csvg/onload=%26%2397%3B%26%23108%3B%26%23101%3B%26%23114%3B%26%23116%3B%26%2340%3B%26%23100%3B%26%23111%3B%26%2399%3B%26%23117%3B%26%23109%3B%26%23101%3B%26%23110%3B%26%23116%3B%26%2346%3B%26%23100%3B%26%23111%3B%26%23109%3B%26%2397%3B%26%23105%3B%26%23110%3B%26%2341%3B%3E\n \n\n##### Coordinated Disclosure Timeline\n\nDescription| Value \n---|--- \nVulnerability Reported:| 2 January, 2018 15:20 GMT \nVulnerability Verified:| 2 January, 2018 15:22 GMT \nWebsite Operator Notified:| 2 January, 2018 15:22 GMT \nVulnerability Published:| 2 January, 2018 15:22 GMT[without any technical details] \nVulnerability Fixed:| 2 February, 2018 10:34 GMT \nPublic Disclosure:| 2 February, 2018 10:34 GMT\n", "viewCount": 3}, {"published": "2018-01-02T15:17:00", "href": "https://www.openbugbounty.org/reports/481387/", "lastseen": "2018-03-14T22:59:34", "history": [{"lastseen": "2018-01-02T23:18:55", "bulletin": {"published": "2018-01-02T15:17:00", "href": "https://www.openbugbounty.org/reports/481387/", "lastseen": "2018-01-02T23:18:55", "history": [], "type": "openbugbounty", "bulletinFamily": "bugbounty", "modified": "2018-01-02T15:19:00", "enchantments": {"score": {"value": 6.3, "modified": "2018-01-02T23:18:55"}}, "id": "OBB:481387", "reporter": "Pyae_Phy0_Thu", "cvss": {"vector": "NONE", "score": 0.0}, "title": "rivercityclippers.org.au XSS vulnerability", "objectVersion": "1.4", "openbugbounty": {"mirror": "", "patchStatus": "on hold"}, "cvelist": [], "references": [], "description": "On the 02.01.2018 security researcher reported a XSS vulnerability affecting the rivercityclippers.org.au website via the Open Bug Bounty coordinated vulnerability disclosure program.\n\n##### Coordinated Disclosure Timeline:\n\nDescription| Value \n---|--- \nVulnerability submitted via Open Bug Bounty| 2 January, 2018 15:17 GMT \nGeneric security notifications sent to website owner| 2 January, 2018 15:19 GMT \nCustomized security notification sent to website owner| 2 January, 2018 15:19 GMT \n \nIf you are the website owner or administrator please [contact the researcher](<https://www.openbugbounty.org/researchers/Pyae_Phy0_Thu/>) directly to get vulnerability details and proceed to coordinated disclosure.\n", "viewCount": 1}, "differentElements": ["description", "modified", "openbugbounty", "title"], "edition": 1}], "_object_type": "robots.models.openbugbounty.OpenbugbountyBulletin", "type": "openbugbounty", "bulletinFamily": "bugbounty", "modified": "2018-02-02T06:35:00", "enchantments": {"score": {"value": 0.0, "vector": "NONE", "modified": "2018-03-14T22:59:34", "rev": 2}, "dependencies": {"references": [], "modified": "2018-03-14T22:59:34", "rev": 2}}, "id": "OBB:481387", "reporter": "Pyae_Phy0_Thu", "_object_types": ["robots.models.base.Bulletin", "robots.models.openbugbounty.OpenbugbountyBulletin"], "cvss": {"vector": "NONE", "score": 0.0}, "title": "rivercityclippers.org.au XSS vulnerability ", "objectVersion": "1.4", "openbugbounty": {"mirror": "http://481387.openbounty.org/mirror/", "patchStatus": "patched"}, "cvelist": [], "references": [], "description": "##### Open Bug Bounty ID: OBB-481387\n\nDescription| Value \n---|--- \nAffected Website:| rivercityclippers.org.au \nVulnerable Application:| Custom Code \nVulnerability Type:| XSS (Cross Site Scripting) / CWE-79 \nCVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] \nDisclosure Standard:| Coordinated Disclosure based on ISO 29147 guidelines \nRemediation Guide:| OWASP XSS Prevention Cheat Sheet \n \n##### Vulnerable URL:\n \n \n https://www.rivercityclippers.org.au/dbpage.php?pg=contact%22%3E%3Csvg/onload=%26%2397%3B%26%23108%3B%26%23101%3B%26%23114%3B%26%23116%3B%26%2340%3B%26%23100%3B%26%23111%3B%26%2399%3B%26%23117%3B%26%23109%3B%26%23101%3B%26%23110%3B%26%23116%3B%26%2346%3B%26%23100%3B%26%23111%3B%26%23109%3B%26%2397%3B%26%23105%3B%26%23110%3B%26%2341%3B%3E\n \n\n##### Coordinated Disclosure Timeline\n\nDescription| Value \n---|--- \nVulnerability Reported:| 2 January, 2018 15:17 GMT \nVulnerability Verified:| 2 January, 2018 15:19 GMT \nWebsite Operator Notified:| 2 January, 2018 15:19 GMT \nVulnerability Published:| 2 January, 2018 15:19 GMT[without any technical details] \nVulnerability Fixed:| 2 February, 2018 06:35 GMT \nPublic Disclosure:| 2 February, 2018 06:35 GMT\n", "viewCount": 3}, {"published": "2018-01-02T15:11:00", "href": "https://www.openbugbounty.org/reports/481386/", "lastseen": "2018-03-14T22:59:36", "history": [{"lastseen": "2018-01-02T23:18:31", "bulletin": {"published": "2018-01-02T15:11:00", "href": "https://www.openbugbounty.org/reports/481386/", "lastseen": "2018-01-02T23:18:31", "history": [], "type": "openbugbounty", "bulletinFamily": "bugbounty", "modified": "2018-01-02T18:17:00", "enchantments": {"score": {"value": 8.8, "modified": "2018-01-02T23:18:31"}}, "id": "OBB:481386", "reporter": "Pyae_Phy0_Thu", "cvss": {"vector": "NONE", "score": 0.0}, "title": "indianapoliswomenschorus.org XSS vulnerability", "objectVersion": "1.4", "openbugbounty": {"mirror": "", "patchStatus": "on hold"}, "cvelist": [], "references": [], "description": "On the 02.01.2018 security researcher reported a XSS vulnerability affecting the indianapoliswomenschorus.org website via the Open Bug Bounty coordinated vulnerability disclosure program.\n\n##### Coordinated Disclosure Timeline:\n\nDescription| Value \n---|--- \nVulnerability submitted via Open Bug Bounty| 2 January, 2018 15:11 GMT \nGeneric security notifications sent to website owner| 2 January, 2018 15:13 GMT \nCustomized security notification sent to website owner| 2 January, 2018 15:13 GMT \nNotification sent to subscribers (without technical details)| 2 January, 2018 18:17 GMT \n \nIf you are the website owner or administrator please [contact the researcher](<https://www.openbugbounty.org/researchers/Pyae_Phy0_Thu/>) directly to get vulnerability details and proceed to coordinated disclosure.\n", "viewCount": 1}, "differentElements": ["description", "modified", "openbugbounty", "title"], "edition": 1}], "_object_type": "robots.models.openbugbounty.OpenbugbountyBulletin", "type": "openbugbounty", "bulletinFamily": "bugbounty", "modified": "2018-02-02T09:32:00", "enchantments": {"score": {"value": 0.0, "vector": "NONE", "modified": "2018-03-14T22:59:36", "rev": 2}, "dependencies": {"references": [], "modified": "2018-03-14T22:59:36", "rev": 2}}, "id": "OBB:481386", "reporter": "Pyae_Phy0_Thu", "_object_types": ["robots.models.base.Bulletin", "robots.models.openbugbounty.OpenbugbountyBulletin"], "cvss": {"vector": "NONE", "score": 0.0}, "title": "indianapoliswomenschorus.org XSS vulnerability ", "objectVersion": "1.4", "openbugbounty": {"mirror": "http://481386.openbounty.org/mirror/", "patchStatus": "patched"}, "cvelist": [], "references": [], "description": "##### Open Bug Bounty ID: OBB-481386\n\nDescription| Value \n---|--- \nAffected Website:| indianapoliswomenschorus.org \nVulnerable Application:| Custom Code \nVulnerability Type:| XSS (Cross Site Scripting) / CWE-79 \nCVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] \nDisclosure Standard:| Coordinated Disclosure based on ISO 29147 guidelines \nRemediation Guide:| OWASP XSS Prevention Cheat Sheet \n \n##### Vulnerable URL:\n \n \n https://www.indianapoliswomenschorus.org/dbpage.php?pg=sponsors%22%3E%3Csvg/onload=%26%2397%3B%26%23108%3B%26%23101%3B%26%23114%3B%26%23116%3B%26%2340%3B%26%23100%3B%26%23111%3B%26%2399%3B%26%23117%3B%26%23109%3B%26%23101%3B%26%23110%3B%26%23116%3B%26%2346%3B%26%23100%3B%26%23111%3B%26%23109%3B%26%2397%3B%26%23105%3B%26%23110%3B%26%2341%3B%3E\n \n\n##### Coordinated Disclosure Timeline\n\nDescription| Value \n---|--- \nVulnerability Reported:| 2 January, 2018 15:11 GMT \nVulnerability Verified:| 2 January, 2018 15:13 GMT \nWebsite Operator Notified:| 2 January, 2018 15:13 GMT \nVulnerability Published:| 2 January, 2018 15:13 GMT[without any technical details] \nVulnerability Fixed:| 2 February, 2018 09:32 GMT \nPublic Disclosure:| 2 February, 2018 09:32 GMT\n", "viewCount": 3}, {"cvelist": [], "openbugbounty": {"patchStatus": "patched", "mirror": "http://481385.openbounty.org/mirror/"}, "id": "OBB:481385", "type": "openbugbounty", "history": [{"lastseen": "2018-01-02T23:22:43", "bulletin": {"cvelist": [], "openbugbounty": {"patchStatus": "on hold", "mirror": ""}, "id": "OBB:481385", "history": [], "description": "On the 02.01.2018 security researcher reported a XSS vulnerability affecting the barbershop.org.au website via the Open Bug Bounty coordinated vulnerability disclosure program.\n\n##### Coordinated Disclosure Timeline:\n\nDescription| Value \n---|--- \nVulnerability submitted via Open Bug Bounty| 2 January, 2018 14:59 GMT \nGeneric security notifications sent to website owner| 2 January, 2018 15:02 GMT \nCustomized security notification sent to website owner| 2 January, 2018 15:02 GMT \n \nIf you are the website owner or administrator please [contact the researcher](<https://www.openbugbounty.org/researchers/Pyae_Phy0_Thu/>) directly to get vulnerability details and proceed to coordinated disclosure.\n", "lastseen": "2018-01-02T23:22:43", "reporter": "Pyae_Phy0_Thu", "href": "https://www.openbugbounty.org/reports/481385/", "modified": "2018-01-02T15:02:00", "title": "barbershop.org.au XSS vulnerability", "viewCount": 0, "cvss": {"score": 0.0, "vector": "NONE"}, "bulletinFamily": "bugbounty", "references": [], "enchantments": {"score": {"value": 6.3, "modified": "2018-01-02T23:22:43"}}, "published": "2018-01-02T14:59:00", "objectVersion": "1.4", "type": "openbugbounty"}, "edition": 1, "differentElements": ["description", "modified", "openbugbounty", "title"]}], "description": "##### Open Bug Bounty ID: OBB-481385\n\nDescription| Value \n---|--- \nAffected Website:| barbershop.org.au \nVulnerable Application:| Custom Code \nVulnerability Type:| XSS (Cross Site Scripting) / CWE-79 \nCVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] \nDisclosure Standard:| Coordinated Disclosure based on ISO 29147 guidelines \nRemediation Guide:| OWASP XSS Prevention Cheat Sheet \n \n##### Vulnerable URL:\n \n \n https://www.barbershop.org.au/dbpage.php?pg=history%22%3E%3Csvg/onload=%26%2397%3B%26%23108%3B%26%23101%3B%26%23114%3B%26%23116%3B%26%2340%3B%26%23100%3B%26%23111%3B%26%2399%3B%26%23117%3B%26%23109%3B%26%23101%3B%26%23110%3B%26%23116%3B%26%2346%3B%26%23100%3B%26%23111%3B%26%23109%3B%26%2397%3B%26%23105%3B%26%23110%3B%26%2341%3B%3E\n \n\n##### Coordinated Disclosure Timeline\n\nDescription| Value \n---|--- \nVulnerability Reported:| 2 January, 2018 14:59 GMT \nVulnerability Verified:| 2 January, 2018 15:02 GMT \nWebsite Operator Notified:| 2 January, 2018 15:02 GMT \nVulnerability Published:| 2 January, 2018 15:02 GMT[without any technical details] \nVulnerability Fixed:| 2 February, 2018 06:29 GMT \nPublic Disclosure:| 2 February, 2018 06:29 GMT\n", "lastseen": "2018-03-14T22:59:35", "reporter": "Pyae_Phy0_Thu", "href": "https://www.openbugbounty.org/reports/481385/", "modified": "2018-02-02T06:29:00", "title": "barbershop.org.au XSS vulnerability ", "_object_types": ["robots.models.base.Bulletin", "robots.models.openbugbounty.OpenbugbountyBulletin"], "viewCount": 2, "cvss": {"score": 0.0, "vector": "NONE"}, "bulletinFamily": "bugbounty", "references": [], "enchantments": {"score": {"value": 0.0, "vector": "NONE", "modified": "2018-03-14T22:59:35", "rev": 2}, "dependencies": {"references": [], "modified": "2018-03-14T22:59:35", "rev": 2}}, "published": "2018-01-02T14:59:00", "_object_type": "robots.models.openbugbounty.OpenbugbountyBulletin", "objectVersion": "1.4"}, {"published": "2018-01-02T14:56:00", "href": "https://www.openbugbounty.org/reports/481384/", "lastseen": "2018-03-14T22:59:36", "history": [{"lastseen": "2018-01-02T23:18:33", "bulletin": {"published": "2018-01-02T14:56:00", "href": "https://www.openbugbounty.org/reports/481384/", "lastseen": "2018-01-02T23:18:33", "history": [], "type": "openbugbounty", "bulletinFamily": "bugbounty", "modified": "2018-01-02T18:17:00", "enchantments": {"score": {"value": 9.4, "modified": "2018-01-02T23:18:33"}}, "id": "OBB:481384", "reporter": "Pyae_Phy0_Thu", "cvss": {"vector": "NONE", "score": 0.0}, "title": "cappellafestiva.org XSS vulnerability", "objectVersion": "1.4", "openbugbounty": {"mirror": "", "patchStatus": "on hold"}, "cvelist": [], "references": [], "description": "On the 02.01.2018 security researcher reported a XSS vulnerability affecting the cappellafestiva.org website via the Open Bug Bounty coordinated vulnerability disclosure program.\n\n##### Coordinated Disclosure Timeline:\n\nDescription| Value \n---|--- \nVulnerability submitted via Open Bug Bounty| 2 January, 2018 14:56 GMT \nGeneric security notifications sent to website owner| 2 January, 2018 14:58 GMT \nCustomized security notification sent to website owner| 2 January, 2018 14:58 GMT \nNotification sent to subscribers (without technical details)| 2 January, 2018 18:17 GMT \n \nIf you are the website owner or administrator please [contact the researcher](<https://www.openbugbounty.org/researchers/Pyae_Phy0_Thu/>) directly to get vulnerability details and proceed to coordinated disclosure.\n", "viewCount": 1}, "differentElements": ["description", "modified", "openbugbounty", "title"], "edition": 1}], "_object_type": "robots.models.openbugbounty.OpenbugbountyBulletin", "type": "openbugbounty", "bulletinFamily": "bugbounty", "modified": "2018-02-02T04:33:00", "enchantments": {"score": {"value": 0.0, "vector": "NONE", "modified": "2018-03-14T22:59:36", "rev": 2}, "dependencies": {"references": [], "modified": "2018-03-14T22:59:36", "rev": 2}}, "id": "OBB:481384", "reporter": "Pyae_Phy0_Thu", "_object_types": ["robots.models.base.Bulletin", "robots.models.openbugbounty.OpenbugbountyBulletin"], "cvss": {"vector": "NONE", "score": 0.0}, "title": "cappellafestiva.org XSS vulnerability ", "objectVersion": "1.4", "openbugbounty": {"mirror": "http://481384.openbounty.org/mirror/", "patchStatus": "patched"}, "cvelist": [], "references": [], "description": "##### Open Bug Bounty ID: OBB-481384\n\nDescription| Value \n---|--- \nAffected Website:| cappellafestiva.org \nVulnerable Application:| Custom Code \nVulnerability Type:| XSS (Cross Site Scripting) / CWE-79 \nCVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] \nDisclosure Standard:| Coordinated Disclosure based on ISO 29147 guidelines \nRemediation Guide:| OWASP XSS Prevention Cheat Sheet \n \n##### Vulnerable URL:\n \n \n https://www.cappellafestiva.org/dbpage.php?pg=history%22%3E%3Csvg/onload=%26%2397%3B%26%23108%3B%26%23101%3B%26%23114%3B%26%23116%3B%26%2340%3B%26%23100%3B%26%23111%3B%26%2399%3B%26%23117%3B%26%23109%3B%26%23101%3B%26%23110%3B%26%23116%3B%26%2346%3B%26%23100%3B%26%23111%3B%26%23109%3B%26%2397%3B%26%23105%3B%26%23110%3B%26%2341%3B%3E\n \n\n##### Coordinated Disclosure Timeline\n\nDescription| Value \n---|--- \nVulnerability Reported:| 2 January, 2018 14:56 GMT \nVulnerability Verified:| 2 January, 2018 14:58 GMT \nWebsite Operator Notified:| 2 January, 2018 14:58 GMT \nVulnerability Published:| 2 January, 2018 14:58 GMT[without any technical details] \nVulnerability Fixed:| 2 February, 2018 04:33 GMT \nPublic Disclosure:| 2 February, 2018 04:33 GMT\n", "viewCount": 4}, {"published": "2018-01-02T14:51:00", "href": "https://www.openbugbounty.org/reports/481383/", "lastseen": "2018-03-14T22:59:36", "history": [{"lastseen": "2018-01-02T23:18:35", "bulletin": {"published": "2018-01-02T14:51:00", "href": "https://www.openbugbounty.org/reports/481383/", "lastseen": "2018-01-02T23:18:35", "history": [], "type": "openbugbounty", "bulletinFamily": "bugbounty", "modified": "2018-01-02T18:17:00", "enchantments": {"score": {"value": 8.8, "modified": "2018-01-02T23:18:35"}}, "id": "OBB:481383", "reporter": "Pyae_Phy0_Thu", "cvss": {"vector": "NONE", "score": 0.0}, "title": "chorusofdupage.com XSS vulnerability", "objectVersion": "1.4", "openbugbounty": {"mirror": "", "patchStatus": "on hold"}, "cvelist": [], "references": [], "description": "On the 02.01.2018 security researcher reported a XSS vulnerability affecting the chorusofdupage.com website via the Open Bug Bounty coordinated vulnerability disclosure program.\n\n##### Coordinated Disclosure Timeline:\n\nDescription| Value \n---|--- \nVulnerability submitted via Open Bug Bounty| 2 January, 2018 14:51 GMT \nGeneric security notifications sent to website owner| 2 January, 2018 14:53 GMT \nCustomized security notification sent to website owner| 2 January, 2018 14:53 GMT \nNotification sent to subscribers (without technical details)| 2 January, 2018 18:17 GMT \n \nIf you are the website owner or administrator please [contact the researcher](<https://www.openbugbounty.org/researchers/Pyae_Phy0_Thu/>) directly to get vulnerability details and proceed to coordinated disclosure.\n", "viewCount": 1}, "differentElements": ["description", "modified", "openbugbounty", "title"], "edition": 1}], "_object_type": "robots.models.openbugbounty.OpenbugbountyBulletin", "type": "openbugbounty", "bulletinFamily": "bugbounty", "modified": "2018-02-02T05:34:00", "enchantments": {"score": {"value": 0.0, "vector": "NONE", "modified": "2018-03-14T22:59:36", "rev": 2}, "dependencies": {"references": [], "modified": "2018-03-14T22:59:36", "rev": 2}}, "id": "OBB:481383", "reporter": "Pyae_Phy0_Thu", "_object_types": ["robots.models.base.Bulletin", "robots.models.openbugbounty.OpenbugbountyBulletin"], "cvss": {"vector": "NONE", "score": 0.0}, "title": "chorusofdupage.com XSS vulnerability ", "objectVersion": "1.4", "openbugbounty": {"mirror": "http://481383.openbounty.org/mirror/", "patchStatus": "patched"}, "cvelist": [], "references": [], "description": "##### Open Bug Bounty ID: OBB-481383\n\nDescription| Value \n---|--- \nAffected Website:| chorusofdupage.com \nVulnerable Application:| Custom Code \nVulnerability Type:| XSS (Cross Site Scripting) / CWE-79 \nCVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] \nDisclosure Standard:| Coordinated Disclosure based on ISO 29147 guidelines \nRemediation Guide:| OWASP XSS Prevention Cheat Sheet \n \n##### Vulnerable URL:\n \n \n https://www.chorusofdupage.com/dbpage.php?pg=history%22%3E%3Csvg/onload=%26%2397%3B%26%23108%3B%26%23101%3B%26%23114%3B%26%23116%3B%26%2340%3B%26%23100%3B%26%23111%3B%26%2399%3B%26%23117%3B%26%23109%3B%26%23101%3B%26%23110%3B%26%23116%3B%26%2346%3B%26%23100%3B%26%23111%3B%26%23109%3B%26%2397%3B%26%23105%3B%26%23110%3B%26%2341%3B%3E\n \n\n##### Coordinated Disclosure Timeline\n\nDescription| Value \n---|--- \nVulnerability Reported:| 2 January, 2018 14:51 GMT \nVulnerability Verified:| 2 January, 2018 14:53 GMT \nWebsite Operator Notified:| 2 January, 2018 14:53 GMT \nVulnerability Published:| 2 January, 2018 14:53 GMT[without any technical details] \nVulnerability Fixed:| 2 February, 2018 05:34 GMT \nPublic Disclosure:| 2 February, 2018 05:34 GMT\n", "viewCount": 3}, {"published": "2018-01-02T14:41:00", "href": "https://www.openbugbounty.org/reports/481377/", "lastseen": "2018-03-14T22:59:38", "history": [{"lastseen": "2018-01-02T23:18:38", "bulletin": {"published": "2018-01-02T14:41:00", "href": "https://www.openbugbounty.org/reports/481377/", "lastseen": "2018-01-02T23:18:38", "history": [], "type": "openbugbounty", "bulletinFamily": "bugbounty", "modified": "2018-01-02T18:17:00", "enchantments": {"score": {"value": 8.8, "modified": "2018-01-02T23:18:38"}}, "id": "OBB:481377", "reporter": "Pyae_Phy0_Thu", "cvss": {"vector": "NONE", "score": 0.0}, "title": "colourfultrips.com XSS vulnerability", "objectVersion": "1.4", "openbugbounty": {"mirror": "", "patchStatus": "on hold"}, "cvelist": [], "references": [], "description": "On the 02.01.2018 security researcher reported a XSS vulnerability affecting the colourfultrips.com website via the Open Bug Bounty coordinated vulnerability disclosure program.\n\n##### Coordinated Disclosure Timeline:\n\nDescription| Value \n---|--- \nVulnerability submitted via Open Bug Bounty| 2 January, 2018 14:41 GMT \nGeneric security notifications sent to website owner| 2 January, 2018 14:44 GMT \nNotification sent to subscribers (without technical details)| 2 January, 2018 18:17 GMT \n \nIf you are the website owner or administrator please [contact the researcher](<https://www.openbugbounty.org/researchers/Pyae_Phy0_Thu/>) directly to get vulnerability details and proceed to coordinated disclosure.\n", "viewCount": 1}, "differentElements": ["description", "modified", "openbugbounty", "title"], "edition": 1}], "_object_type": "robots.models.openbugbounty.OpenbugbountyBulletin", "type": "openbugbounty", "bulletinFamily": "bugbounty", "modified": "2018-02-02T05:37:00", "enchantments": {"score": {"value": 0.0, "vector": "NONE", "modified": "2018-03-14T22:59:38", "rev": 2}, "dependencies": {"references": [], "modified": "2018-03-14T22:59:38", "rev": 2}}, "id": "OBB:481377", "reporter": "Pyae_Phy0_Thu", "_object_types": ["robots.models.base.Bulletin", "robots.models.openbugbounty.OpenbugbountyBulletin"], "cvss": {"vector": "NONE", "score": 0.0}, "title": "colourfultrips.com XSS vulnerability ", "objectVersion": "1.4", "openbugbounty": {"mirror": "http://481377.openbounty.org/mirror/", "patchStatus": "patched"}, "cvelist": [], "references": [], "description": "##### Open Bug Bounty ID: OBB-481377\n\nDescription| Value \n---|--- \nAffected Website:| colourfultrips.com \nVulnerable Application:| Custom Code \nVulnerability Type:| XSS (Cross Site Scripting) / CWE-79 \nCVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] \nDisclosure Standard:| Coordinated Disclosure based on ISO 29147 guidelines \nRemediation Guide:| OWASP XSS Prevention Cheat Sheet \n \n##### Vulnerable URL:\n \n \n https://www.colourfultrips.com/dbpage.php?pg=contactusthankyou%22%3E%3Csvg/onload=%26%2397%3B%26%23108%3B%26%23101%3B%26%23114%3B%26%23116%3B%26%2340%3B%26%23100%3B%26%23111%3B%26%2399%3B%26%23117%3B%26%23109%3B%26%23101%3B%26%23110%3B%26%23116%3B%26%2346%3B%26%23100%3B%26%23111%3B%26%23109%3B%26%2397%3B%26%23105%3B%26%23110%3B%26%2341%3B%3E\n \n\n##### Coordinated Disclosure Timeline\n\nDescription| Value \n---|--- \nVulnerability Reported:| 2 January, 2018 14:41 GMT \nVulnerability Verified:| 2 January, 2018 14:44 GMT \nWebsite Operator Notified:| 2 January, 2018 14:44 GMT \nVulnerability Published:| 2 January, 2018 14:44 GMT[without any technical details] \nVulnerability Fixed:| 2 February, 2018 05:37 GMT \nPublic Disclosure:| 2 February, 2018 05:37 GMT\n", "viewCount": 5}, {"published": "2018-01-02T14:34:00", "href": "https://www.openbugbounty.org/reports/481373/", "lastseen": "2018-03-14T22:59:37", "history": [{"lastseen": "2018-01-02T23:18:40", "bulletin": {"published": "2018-01-02T14:34:00", "href": "https://www.openbugbounty.org/reports/481373/", "lastseen": "2018-01-02T23:18:40", "history": [], "type": "openbugbounty", "bulletinFamily": "bugbounty", "modified": "2018-01-02T18:17:00", "enchantments": {"score": {"value": 3.5, "modified": "2018-01-02T23:18:40"}}, "id": "OBB:481373", "reporter": "Pyae_Phy0_Thu", "cvss": {"vector": "NONE", "score": 0.0}, "title": "sigknit.com XSS vulnerability", "objectVersion": "1.4", "openbugbounty": {"mirror": "", "patchStatus": "on hold"}, "cvelist": [], "references": [], "description": "On the 02.01.2018 security researcher reported a XSS vulnerability affecting the sigknit.com website via the Open Bug Bounty coordinated vulnerability disclosure program.\n\n##### Coordinated Disclosure Timeline:\n\nDescription| Value \n---|--- \nVulnerability submitted via Open Bug Bounty| 2 January, 2018 14:34 GMT \nGeneric security notifications sent to website owner| 2 January, 2018 14:36 GMT \nCustomized security notification sent to website owner| 2 January, 2018 14:36 GMT \nNotification sent to subscribers (without technical details)| 2 January, 2018 18:17 GMT \n \nIf you are the website owner or administrator please [contact the researcher](<https://www.openbugbounty.org/researchers/Pyae_Phy0_Thu/>) directly to get vulnerability details and proceed to coordinated disclosure.\n", "viewCount": 1}, "differentElements": ["description", "modified", "openbugbounty", "title"], "edition": 1}], "_object_type": "robots.models.openbugbounty.OpenbugbountyBulletin", "type": "openbugbounty", "bulletinFamily": "bugbounty", "modified": "2018-02-02T03:36:00", "enchantments": {"score": {"value": 0.0, "vector": "NONE", "modified": "2018-03-14T22:59:37", "rev": 2}, "dependencies": {"references": [], "modified": "2018-03-14T22:59:37", "rev": 2}}, "id": "OBB:481373", "reporter": "Pyae_Phy0_Thu", "_object_types": ["robots.models.base.Bulletin", "robots.models.openbugbounty.OpenbugbountyBulletin"], "cvss": {"vector": "NONE", "score": 0.0}, "title": "sigknit.com XSS vulnerability ", "objectVersion": "1.4", "openbugbounty": {"mirror": "http://481373.openbounty.org/mirror/", "patchStatus": "patched"}, "cvelist": [], "references": [], "description": "##### Open Bug Bounty ID: OBB-481373\n\nDescription| Value \n---|--- \nAffected Website:| sigknit.com \nVulnerable Application:| Custom Code \nVulnerability Type:| XSS (Cross Site Scripting) / CWE-79 \nCVSSv3 Score:| 6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] \nDisclosure Standard:| Coordinated Disclosure based on ISO 29147 guidelines \nRemediation Guide:| OWASP XSS Prevention Cheat Sheet \n \n##### Vulnerable URL:\n \n \n https://www.sigknit.com/dbpage.php?pg=contact%22%3E%3Csvg/onload=%26%2397%3B%26%23108%3B%26%23101%3B%26%23114%3B%26%23116%3B%26%2340%3B%26%23100%3B%26%23111%3B%26%2399%3B%26%23117%3B%26%23109%3B%26%23101%3B%26%23110%3B%26%23116%3B%26%2346%3B%26%23100%3B%26%23111%3B%26%23109%3B%26%2397%3B%26%23105%3B%26%23110%3B%26%2341%3B%3E\n \n\n##### Coordinated Disclosure Timeline\n\nDescription| Value \n---|--- \nVulnerability Reported:| 2 January, 2018 14:34 GMT \nVulnerability Verified:| 2 January, 2018 14:36 GMT \nWebsite Operator Notified:| 2 January, 2018 14:36 GMT \nVulnerability Published:| 2 January, 2018 14:36 GMT[without any technical details] \nVulnerability Fixed:| 2 February, 2018 03:36 GMT \nPublic Disclosure:| 2 February, 2018 03:36 GMT\n", "viewCount": 3}], "ciscothreats": [{"id": "CISCO-THREAT-44276", "type": "ciscothreats", "bulletinFamily": "info", "title": "Threat Outbreak Alert RuleID21898: Email Messages Distributing Malicious Software on March 23, 2016", "description": "Medium\n\nAlert ID: \n\n44276\n\nFirst Published:\n\n2016 March 23 18:05 GMT\n\nVersion: \n\n1\n\n## \n\nSummary \n\n * Cisco Security has detected significant activity related to spam email messages distributing malicious software. \n \nEmail messages that are related to this threat (RuleID21898) may contain the following files: \n \n**Name** | **Size in Bytes** | **MD5 Checksum** \n---|---|--- \nOrder_23032016.gz / Order_23032016.exe \n| 114,688 \n| 0x1E61034ED2F4CD6E7A1F91E15872A8CD \n \n \nThe following text is a sample of the email message that is associated with this threat outbreak: \n\n\n> Subject: **Sample Order - 23/03/2016[*]** \n \nMessage Body: \n \n**Hello, \nKindly view our attached sample and quote us accordingly \nwith your best price \nRegards \nSofia \nA&amp;G TRADING COMPANY LIMITED. \n11 North Buona Vista Drive,Unit #08-09 Singapore \nTel: +65 6908 77009 \nFax: +65 6904 23110** \n\n\nCisco security appliances can help protect customers during the critical period between the first exploit of a virus outbreak and the release of vendor antivirus signatures. Cisco Web Security Appliances help secure and control web and email traffic by offering layers of malware protection. Cisco security appliances are automatically updated to help prevent both spam email and hostile web URLs from being passed to the end user. \n \n**Related Links** \n[Cisco Security](<http://www.cisco.com/security>) \n[Cisco SenderBase Security Network](<http://www.senderbase.org/>)\n\n## \n\nRevision History \n\n * Version | Description | Section | Date \n---|---|---|--- \n1 | Initial Release | | 2016-March-23 18:05 GMT \nShow Less\n\n* * *\n\n## \n\nLegal Disclaimer \n\n * THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME. \n\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products \n", "published": "2016-03-23T18:05:30", "modified": "2016-03-23T18:05:30", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://tools.cisco.com/security/center/viewThreatOutbreakAlert.x?alertId=44276", "reporter": "Cisco", "references": [], "cvelist": [], "lastseen": "2018-07-26T11:56:46", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 0.4, "vector": "NONE", "modified": "2018-07-26T11:56:46", "rev": 2}, "dependencies": {"references": [], "modified": "2018-07-26T11:56:46", "rev": 2}}, "objectVersion": "1.4", "ciscoThreat": {"md5": "0x1E61034ED2F4CD6E7A1F91E15872A8CD", "subject": "Sample Order - 23/03/2016[*]", "messageBody": "Hello,\nKindly view our attached sample and quote us accordingly\nwith your best price\nRegards\nSofia\nA&G TRADING COMPANY LIMITED.\n11 North Buona Vista Drive,Unit #08-09 Singapore\nTel: +65 6908 77009\nFax: +65 6904 23110", "files": "Order_23032016.gz / Order_23032016.exe", "size": 114688}, "_object_type": "robots.models.cisco.CiscoThreatBulletin", "_object_types": ["robots.models.cisco.CiscoThreatBulletin", "robots.models.base.Bulletin"]}], "securityvulns": [{"id": "SECURITYVULNS:VULN:14753", "bulletinFamily": "software", "title": "PHP security vulnerabilities", "description": "PHAR extension DoS.", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14753", "reporter": "BUGTRAQ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32651"], "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "type": "securityvulns", "lastseen": "2021-06-08T19:08:49", "history": [{"bulletin": {"affectedSoftware": [{"name": "PHP", "operator": "eq", "version": "5.6"}], "bulletinFamily": "software", "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "PHAR extension DoS.", "edition": 1, "enchantments": {"dependencies": {"modified": "2018-08-31T11:10:03", "references": [{"idList": ["ALAS-2015-602", "ALAS-2015-601"], "type": "amazon"}, {"idList": ["CVE-2015-7803", "CVE-2015-7804"], "type": "cve"}, {"idList": ["H1:103990", "H1:104008"], "type": "hackerone"}, {"idList": ["SECURITYVULNS:DOC:32651"], "type": "securityvulns"}, {"idList": ["OPENVAS:1361412562310806649", "OPENVAS:1361412562310806648", "OPENVAS:703380", "OPENVAS:1361412562310120520", "OPENVAS:1361412562310842508", "OPENVAS:1361412562310807000", "OPENVAS:1361412562311220201747", "OPENVAS:1361412562310703380", "OPENVAS:1361412562310120396", "OPENVAS:1361412562311220191984"], "type": "openvas"}, {"idList": ["RHSA-2016:0457"], "type": "redhat"}, {"idList": ["SUSE-SU-2016:1145-1", "SUSE-SU-2016:1638-1", "SUSE-SU-2016:1581-1"], "type": "suse"}, {"idList": ["DEBIAN:DSA-3380-1:F94D6", "DEBIAN:DLA-341-1:DA682"], "type": "debian"}, {"idList": ["USN-2786-1"], "type": "ubuntu"}, {"idList": ["SSA-2016-034-04"], "type": "slackware"}, {"idList": ["GLSA-201606-10"], "type": "gentoo"}, {"idList": ["ALA_ALAS-2015-602.NASL", "FREEBSD_PKG_C1DA8B756AEF11E59909002590263BF5.NASL", "UBUNTU_USN-2786-1.NASL", "PHP_5_6_14.NASL", "SUSE_SU-2016-0284-1.NASL", "PHP_5_5_30.NASL", "SLACKWARE_SSA_2016-034-04.NASL", "OPENSUSE-2016-100.NASL", "ALA_ALAS-2015-601.NASL", "DEBIAN_DSA-3380.NASL"], "type": "nessus"}, {"idList": ["C1DA8B75-6AEF-11E5-9909-002590263BF5"], "type": "freebsd"}, {"idList": ["F5:K17503", "SOL17503"], "type": "f5"}, {"idList": ["CLSA-2020:1605798462"], "type": "cloudlinux"}], "rev": 2}, "score": {"modified": "2018-08-31T11:10:03", "rev": 2, "value": 7.4, "vector": "NONE"}}, "hash": "5bebcb6b83df2b42d069178c1e9ea73c038f8703bc95cf2b81c683a8d0d17ff6", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "94aee96d0a33ff770af1ab8e308073f0", "key": "cvelist"}, {"hash": "c514412540c1e967450f03283e4ed180", "key": "references"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "5c799165d68e636bd0726587ae899c0d", "key": "description"}, {"hash": "6d2dcaed858380d54d5782ad38c55586", "key": "affectedSoftware"}, {"hash": "2c5cca82a8670da097919f6160833daf", "key": "reporter"}, {"hash": "b3b8db0e3c7acd6c3190db6f8e88e96b", "key": "href"}, {"hash": "d8f38bedae5c73d95ff296ba2bd86a44", "key": "modified"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "3a18a828bc11b79a70839be146b3b5a3", "key": "title"}, {"hash": "d54751dd75af2ea0147b462b3e001cd0", "key": "type"}, {"hash": "d8f38bedae5c73d95ff296ba2bd86a44", "key": "published"}], "history": [], "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14753", "id": "SECURITYVULNS:VULN:14753", "immutableFields": [], "lastseen": "2018-08-31T11:10:03", "modified": "2015-11-02T00:00:00", "objectVersion": "1.5", "published": "2015-11-02T00:00:00", "references": ["https://vulners.com/securityvulns/securityvulns:doc:32651"], "reporter": "BUGTRAQ", "title": "PHP security vulnerabilities", "type": "securityvulns", "viewCount": 212}, "different_elements": ["affectedSoftware"], "edition": 1, "lastseen": "2018-08-31T11:10:03"}], "edition": 2, "hashmap": [{"key": "affectedSoftware", "hash": "1858c8bfb7eb8aace48fa57059397c29"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "94aee96d0a33ff770af1ab8e308073f0"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "5c799165d68e636bd0726587ae899c0d"}, {"key": "href", "hash": "b3b8db0e3c7acd6c3190db6f8e88e96b"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "c514412540c1e967450f03283e4ed180"}, {"key": "reporter", "hash": "2c5cca82a8670da097919f6160833daf"}, {"key": "title", "hash": "3a18a828bc11b79a70839be146b3b5a3"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "8859a40c26baff900b73dab92cbb6fd72e9b8dcbbd9acc6d613b18d55563796e", "viewCount": 222, "enchantments": {"dependencies": {"references": [{"type": "f5", "idList": ["F5:K17503", "SOL17503"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-7803", "UB:CVE-2015-7804"]}, {"type": "cve", "idList": ["CVE-2015-7803", "CVE-2015-7804"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220191984", "OPENVAS:1361412562311220201747", "OPENVAS:1361412562310806649", "OPENVAS:1361412562310120520", "OPENVAS:1361412562311220192438", "OPENVAS:1361412562310703380", "OPENVAS:703380", "OPENVAS:1361412562311220192649", "OPENVAS:1361412562310807000", "OPENVAS:1361412562310806648", "OPENVAS:1361412562310120396", "OPENVAS:1361412562310842508"]}, {"type": "nessus", "idList": ["ALA_ALAS-2015-602.NASL", "DEBIAN_DSA-3380.NASL", "EULEROS_SA-2019-2649.NASL", "PHP_5_5_30.NASL", "UBUNTU_USN-2786-1.NASL", "OPENSUSE-2016-100.NASL", "SUSE_SU-2016-1581-1.NASL", "FREEBSD_PKG_C1DA8B756AEF11E59909002590263BF5.NASL", "OPENSUSE-2016-157.NASL", "EULEROS_SA-2019-1984.NASL", "MACOSX_SECUPD2015-008.NASL", "9325.PRM", "SLACKWARE_SSA_2016-034-04.NASL", "EULEROS_SA-2019-2438.NASL", "SUSE_SU-2016-1638-1.NASL", "WEB_APPLICATION_SCANNING_98806", "GENTOO_GLSA-201606-10.NASL", "8956.PRM", "SUSE_SU-2016-0284-1.NASL", "MACOSX_10_11_2.NASL", "SUSE_SU-2016-1145-1.NASL", "PHP_5_6_14.NASL", "DEBIAN_DLA-341.NASL", "ALA_ALAS-2015-601.NASL", "PFSENSE_SA-15_08.NASL", "EULEROS_SA-2020-1747.NASL"]}, {"type": "freebsd", "idList": ["C1DA8B75-6AEF-11E5-9909-002590263BF5"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32651"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3380-1:F94D6", "DEBIAN:DLA-341-1:DA682"]}, {"type": "ubuntu", "idList": ["USN-2786-1"]}, {"type": "slackware", "idList": ["SSA-2016-034-04"]}, {"type": "hackerone", "idList": ["H1:104008", "H1:103990"]}, {"type": "amazon", "idList": ["ALAS-2015-602", "ALAS-2015-601"]}, {"type": "redhat", "idList": ["RHSA-2016:0457"]}, {"type": "suse", "idList": ["SUSE-SU-2016:1581-1", "SUSE-SU-2016:1145-1", "SUSE-SU-2016:1638-1"]}, {"type": "gentoo", "idList": ["GLSA-201606-10"]}, {"type": "cloudlinux", "idList": ["CLSA-2020:1605798462"]}], "modified": "2021-06-08T19:08:49", "rev": 2}, "score": {"value": 7.4, "vector": "NONE", "modified": "2021-06-08T19:08:49", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [{"name": "php", "operator": "eq", "version": "5.6"}], "immutableFields": [], "scheme": null, "cvss2": {}, "cvss3": {}}, {"id": "SECURITYVULNS:DOC:32651", "bulletinFamily": "software", "title": "[USN-2786-1] PHP vulnerabilities", "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2786-1\r\nOctober 28, 2015\r\n\r\nphp5 vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 15.10\r\n- Ubuntu 15.04\r\n- Ubuntu 14.04 LTS\r\n- Ubuntu 12.04 LTS\r\n\r\nSummary:\r\n\r\nPHP could be made to crash if it processed a specially crafted file.\r\n\r\nSoftware Description:\r\n- php5: HTML-embedded scripting language interpreter\r\n\r\nDetails:\r\n\r\nIt was discovered that the PHP phar extension incorrectly handled certain\r\nfiles. A remote attacker could use this issue to cause PHP to crash,\r\nresulting in a denial of service. &#40;CVE-2015-7803, CVE-2015-7804&#41;\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 15.10:\r\n libapache2-mod-php5 5.6.11+dfsg-1ubuntu3.1\r\n php5-cgi 5.6.11+dfsg-1ubuntu3.1\r\n php5-cli 5.6.11+dfsg-1ubuntu3.1\r\n php5-fpm 5.6.11+dfsg-1ubuntu3.1\r\n\r\nUbuntu 15.04:\r\n libapache2-mod-php5 5.6.4+dfsg-4ubuntu6.4\r\n php5-cgi 5.6.4+dfsg-4ubuntu6.4\r\n php5-cli 5.6.4+dfsg-4ubuntu6.4\r\n php5-fpm 5.6.4+dfsg-4ubuntu6.4\r\n\r\nUbuntu 14.04 LTS:\r\n libapache2-mod-php5 5.5.9+dfsg-1ubuntu4.14\r\n php5-cgi 5.5.9+dfsg-1ubuntu4.14\r\n php5-cli 5.5.9+dfsg-1ubuntu4.14\r\n php5-fpm 5.5.9+dfsg-1ubuntu4.14\r\n\r\nUbuntu 12.04 LTS:\r\n libapache2-mod-php5 5.3.10-1ubuntu3.21\r\n php5-cgi 5.3.10-1ubuntu3.21\r\n php5-cli 5.3.10-1ubuntu3.21\r\n php5-fpm 5.3.10-1ubuntu3.21\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2786-1\r\n CVE-2015-7803, CVE-2015-7804\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/php5/5.6.11+dfsg-1ubuntu3.1\r\n https://launchpad.net/ubuntu/+source/php5/5.6.4+dfsg-4ubuntu6.4\r\n https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.14\r\n https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.21\r\n\r\n\r\n\r\n\r\n-- \r\nubuntu-security-announce mailing list\r\nubuntu-security-announce@lists.ubuntu.com\r\nModify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n\r\n", "published": "2015-11-02T00:00:00", "modified": "2015-11-02T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32651", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2015-7803", "CVE-2015-7804"], "type": "securityvulns", "lastseen": "2018-08-31T11:11:02", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "94aee96d0a33ff770af1ab8e308073f0"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "7591a4414fab4e00d545d96f67923bfe"}, {"key": "href", "hash": "91f326dd520bc78a7e8becd3c39b6be5"}, {"key": "modified", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "published", "hash": "d8f38bedae5c73d95ff296ba2bd86a44"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "29738b7846c783fb3a4f2a49b7c4ccd3"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "d2381bcd69ce89f633080a3b3bcd22d9c6038a3c2512d85530ef0a4ad6a45bd8", "viewCount": 181, "enchantments": {"score": {"value": 6.4, "vector": "NONE", "modified": "2018-08-31T11:11:02", "rev": 2}, "dependencies": {"references": [{"type": "f5", "idList": ["F5:K17503", "SOL17503"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-7803", "UB:CVE-2015-7804"]}, {"type": "cve", "idList": ["CVE-2015-7803", "CVE-2015-7804"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220191984", "OPENVAS:1361412562311220201747", "OPENVAS:1361412562310806649", "OPENVAS:1361412562310120520", "OPENVAS:1361412562311220192438", "OPENVAS:1361412562310703380", "OPENVAS:703380", "OPENVAS:1361412562311220192649", "OPENVAS:1361412562310807000", "OPENVAS:1361412562310806648", "OPENVAS:1361412562310120396", "OPENVAS:1361412562310842508"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3380-1:F94D6", "DEBIAN:DLA-341-1:DA682"]}, {"type": "nessus", "idList": ["ALA_ALAS-2015-602.NASL", "DEBIAN_DSA-3380.NASL", "EULEROS_SA-2019-2649.NASL", "PHP_5_5_30.NASL", "UBUNTU_USN-2786-1.NASL", "OPENSUSE-2016-100.NASL", "SUSE_SU-2016-1581-1.NASL", "FREEBSD_PKG_C1DA8B756AEF11E59909002590263BF5.NASL", "OPENSUSE-2016-157.NASL", "EULEROS_SA-2019-1984.NASL", "MACOSX_SECUPD2015-008.NASL", "9325.PRM", "SLACKWARE_SSA_2016-034-04.NASL", "EULEROS_SA-2019-2438.NASL", "SUSE_SU-2016-1638-1.NASL", "WEB_APPLICATION_SCANNING_98806", "GENTOO_GLSA-201606-10.NASL", "8956.PRM", "SUSE_SU-2016-0284-1.NASL", "MACOSX_10_11_2.NASL", "SUSE_SU-2016-1145-1.NASL", "PHP_5_6_14.NASL", "DEBIAN_DLA-341.NASL", "ALA_ALAS-2015-601.NASL", "PFSENSE_SA-15_08.NASL", "EULEROS_SA-2020-1747.NASL"]}, {"type": "ubuntu", "idList": ["USN-2786-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14753"]}, {"type": "freebsd", "idList": ["C1DA8B75-6AEF-11E5-9909-002590263BF5"]}, {"type": "slackware", "idList": ["SSA-2016-034-04"]}, {"type": "hackerone", "idList": ["H1:104008", "H1:103990"]}, {"type": "amazon", "idList": ["ALAS-2015-602", "ALAS-2015-601"]}, {"type": "redhat", "idList": ["RHSA-2016:0457"]}, {"type": "suse", "idList": ["SUSE-SU-2016:1581-1", "SUSE-SU-2016:1145-1", "SUSE-SU-2016:1638-1"]}, {"type": "gentoo", "idList": ["GLSA-201606-10"]}, {"type": "cloudlinux", "idList": ["CLSA-2020:1605798462"]}], "modified": "2018-08-31T11:11:02", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}]}