Search...

ClearBudget 0.6.1 (Misspelled htaccess) Insecure DD Vulnerability

2009-02-05T00:00:00

ID 1337DAY-ID-4805
Type zdt
Reporter Room-Hacker
Modified 2009-02-05T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =================================================================
ClearBudget 0.6.1 (Misspelled htaccess) Insecure DD Vulnerability
=================================================================


#############################################################################################
[+] ClearBudget v0.6.1 Insecure Database Download
[+] Discovered By Room-Hacker
#############################################################################################
Ex :
http://site.il/db/budget.sqlite
Demo :
http://clearbudget.douteaud.com/demo/0-6-1//db/budget.sqlite
####################################################################################



#  0day.today [2018-04-09]  #

JSON Vulners Source

Initial Source

{"hash": "9572c374be34e59d862d1abca1741a4522599a2f0418d7d7c711202724020704", "id": "1337DAY-ID-4805", "lastseen": "2018-04-09T01:46:14", "viewCount": 1, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "00157601768b634735774d15ccd18f9e", "key": "description"}, {"hash": "418ede69d9a88f79b46d771212bc7f40", "key": "href"}, {"hash": "bace5b2470abbb2a1d18d36df4a6f755", "key": "modified"}, {"hash": "bace5b2470abbb2a1d18d36df4a6f755", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "cf75c1fb59e1b3014c9fafdea5dfdea7", "key": "reporter"}, {"hash": "449e2fac884dad0c7c4bd728d66c46ca", "key": "sourceData"}, {"hash": "554da6ea1a7d60178ae1725a7b74b61d", "key": "sourceHref"}, {"hash": "b0fbe454b780cc414412dc1add1850ed", "key": "title"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}], "bulletinFamily": "exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "edition": 2, "enchantments": {"score": {"value": 10.0, "vector": "NONE"}, "dependencies": {"references": [], "modified": "2018-04-09T01:46:14"}, "vulnersScore": 10.0}, "type": "zdt", "sourceHref": "https://0day.today/exploit/4805", "description": "Exploit for unknown platform in category web applications", "title": "ClearBudget 0.6.1 (Misspelled htaccess) Insecure DD Vulnerability", "history": [{"bulletin": {"hash": "90507d5835be2bde0282821781a96fb8465572e25b3872278c69abf33d8ac0ec", "id": "1337DAY-ID-4805", "lastseen": "2016-04-19T23:28:24", "enchantments": {"score": {"value": 6.5, "vector": "AV:L/AC:L/Au:M/C:C/I:C/A:C/", "modified": "2016-04-19T23:28:24"}}, "hashmap": [{"hash": "2ba249eb38bf26e545109171e20799ca", "key": "sourceData"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "cf75c1fb59e1b3014c9fafdea5dfdea7", "key": "reporter"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}, {"hash": "fead7b7dc360f4f5319a482cb7aeae81", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "ca28ed707442d7d19d045f3038698fbc", "key": "sourceHref"}, {"hash": "bace5b2470abbb2a1d18d36df4a6f755", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bace5b2470abbb2a1d18d36df4a6f755", "key": "modified"}, {"hash": "00157601768b634735774d15ccd18f9e", "key": "description"}, {"hash": "b0fbe454b780cc414412dc1add1850ed", "key": "title"}], "bulletinFamily": "exploit", "history": [], "edition": 1, "type": "zdt", "sourceHref": "http://0day.today/exploit/4805", "description": "Exploit for unknown platform in category web applications", "viewCount": 0, "title": "ClearBudget 0.6.1 (Misspelled htaccess) Insecure DD Vulnerability", "cvss": {"score": 0.0, "vector": "NONE"}, "objectVersion": "1.0", "cvelist": [], "sourceData": "=================================================================\r\nClearBudget 0.6.1 (Misspelled htaccess) Insecure DD Vulnerability\r\n=================================================================\r\n\r\n\r\n#############################################################################################\r\n[+] ClearBudget v0.6.1 Insecure Database Download\r\n[+] Discovered By Room-Hacker\r\n#############################################################################################\r\nEx :\r\nhttp://site.il/db/budget.sqlite\r\nDemo :\r\nhttp://clearbudget.douteaud.com/demo/0-6-1//db/budget.sqlite\r\n####################################################################################\r\n\r\n\r\n\n# 0day.today [2016-04-19] #", "published": "2009-02-05T00:00:00", "references": [], "reporter": "Room-Hacker", "modified": "2009-02-05T00:00:00", "href": "http://0day.today/exploit/description/4805"}, "lastseen": "2016-04-19T23:28:24", "edition": 1, "differentElements": ["sourceHref", "sourceData", "href"]}], "objectVersion": "1.3", "cvelist": [], "sourceData": "=================================================================\r\nClearBudget 0.6.1 (Misspelled htaccess) Insecure DD Vulnerability\r\n=================================================================\r\n\r\n\r\n#############################################################################################\r\n[+] ClearBudget v0.6.1 Insecure Database Download\r\n[+] Discovered By Room-Hacker\r\n#############################################################################################\r\nEx :\r\nhttp://site.il/db/budget.sqlite\r\nDemo :\r\nhttp://clearbudget.douteaud.com/demo/0-6-1//db/budget.sqlite\r\n####################################################################################\r\n\r\n\r\n\n# 0day.today [2018-04-09] #", "published": "2009-02-05T00:00:00", "references": [], "reporter": "Room-Hacker", "modified": "2009-02-05T00:00:00", "href": "https://0day.today/exploit/description/4805"}

{"openvas": [{"lastseen": "2019-03-14T14:24:03", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2016-06-28T00:00:00", "id": "OPENVAS:1361412562310842816", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842816", "title": "Ubuntu Update for linux USN-3021-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3021-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842816\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-28 05:26:20 +0200 (Tue, 28 Jun 2016)\");\n script_cve_id(\"CVE-2016-3951\", \"CVE-2016-4482\", \"CVE-2016-4565\", \"CVE-2016-4569\",\n \t\t\"CVE-2016-4578\", \"CVE-2016-4580\", \"CVE-2016-4805\", \"CVE-2016-4913\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3021-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Andrey Konovalov discovered that the CDC\n Network Control Model USB driver in the Linux kernel did not cancel work events\n queued if a later error occurred, resulting in a use-after-free. An attacker with\n physical access could use this to cause a denial of service (system crash).\n (CVE-2016-3951)\n\nKangjie Lu discovered an information leak in the core USB implementation in\nthe Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4482)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel\ncould be coerced into overwriting kernel memory. A local unprivileged\nattacker could use this to possibly gain administrative privileges on\nsystems where InifiniBand related kernel modules are loaded.\n(CVE-2016-4565)\n\nKangjie Lu discovered an information leak in the timer handling\nimplementation in the Advanced Linux Sound Architecture (ALSA) subsystem of\nthe Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4569, CVE-2016-4578)\n\nKangjie Lu discovered an information leak in the X.25 Call Request handling\nin the Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4580)\n\nBaozeng Ding discovered a use-after-free issue in the generic PPP layer in\nthe Linux kernel. A local attacker could use this to cause a denial of\nservice (system crash). (CVE-2016-4805)\n\nIt was discovered that an information leak exists in the Rock Ridge\nimplementation in the Linux kernel. A local attacker who is able to mount a\nmalicious iso9660 file system image could exploit this flaw to obtain\npotentially sensitive information from kernel memory. (CVE-2016-4913)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3021-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3021-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-105-generic\", ver:\"3.2.0-105.146\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-105-generic-pae\", ver:\"3.2.0-105.146\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-105-highbank\", ver:\"3.2.0-105.146\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-105-omap\", ver:\"3.2.0-105.146\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-105-powerpc-smp\", ver:\"3.2.0-105.146\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-105-powerpc64-smp\", ver:\"3.2.0-105.146\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-105-virtual\", ver:\"3.2.0-105.146\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-03-14T14:24:20", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2016-06-28T00:00:00", "id": "OPENVAS:1361412562310842814", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842814", "title": "Ubuntu Update for linux-ti-omap4 USN-3021-2", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-ti-omap4 USN-3021-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842814\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-28 05:26:02 +0200 (Tue, 28 Jun 2016)\");\n script_cve_id(\"CVE-2016-3951\", \"CVE-2016-4482\", \"CVE-2016-4565\", \"CVE-2016-4569\",\n\t\t\"CVE-2016-4578\", \"CVE-2016-4580\", \"CVE-2016-4805\", \"CVE-2016-4913\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-ti-omap4 USN-3021-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-ti-omap4'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Andrey Konovalov discovered that the CDC\n Network Control Model USB driver in the Linux kernel did not cancel work events\n queued if a later error occurred, resulting in a use-after-free. An attacker\n with physical access could use this to cause a denial of service (system crash).\n (CVE-2016-3951)\n\nKangjie Lu discovered an information leak in the core USB implementation in\nthe Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4482)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel\ncould be coerced into overwriting kernel memory. A local unprivileged\nattacker could use this to possibly gain administrative privileges on\nsystems where InifiniBand related kernel modules are loaded.\n(CVE-2016-4565)\n\nKangjie Lu discovered an information leak in the timer handling\nimplementation in the Advanced Linux Sound Architecture (ALSA) subsystem of\nthe Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4569, CVE-2016-4578)\n\nKangjie Lu discovered an information leak in the X.25 Call Request handling\nin the Linux kernel. A local attacker could use this to obtain potentially\nsensitive information from kernel memory. (CVE-2016-4580)\n\nBaozeng Ding discovered a use-after-free issue in the generic PPP layer in\nthe Linux kernel. A local attacker could use this to cause a denial of\nservice (system crash). (CVE-2016-4805)\n\nIt was discovered that an information leak exists in the Rock Ridge\nimplementation in the Linux kernel. A local attacker who is able to mount a\nmalicious iso9660 file system image could exploit this flaw to obtain\npotentially sensitive information from kernel memory. (CVE-2016-4913)\");\n script_tag(name:\"affected\", value:\"linux-ti-omap4 on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3021-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3021-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.2.0-1483-omap4\", ver:\"3.2.0-1483.110\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-02-21T01:27:18", "bulletinFamily": "scanner", "description": "Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nKangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory.\n(CVE-2016-4482)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel could be coerced into overwriting kernel memory. A local unprivileged attacker could use this to possibly gain administrative privileges on systems where InifiniBand related kernel modules are loaded. (CVE-2016-4565)\n\nKangjie Lu discovered an information leak in the timer handling implementation in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory.\n(CVE-2016-4569, CVE-2016-4578)\n\nKangjie Lu discovered an information leak in the X.25 Call Request handling in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory.\n(CVE-2016-4580)\n\nBaozeng Ding discovered a use-after-free issue in the generic PPP layer in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4805)\n\nIt was discovered that an information leak exists in the Rock Ridge implementation in the Linux kernel. A local attacker who is able to mount a malicious iso9660 file system image could exploit this flaw to obtain potentially sensitive information from kernel memory.\n(CVE-2016-4913).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2018-12-01T00:00:00", "id": "UBUNTU_USN-3021-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=91884", "published": "2016-06-28T00:00:00", "title": "Ubuntu 12.04 LTS : linux vulnerabilities (USN-3021-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3021-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91884);\n script_version(\"2.7\");\n script_cvs_date(\"Date: 2018/12/01 15:12:40\");\n\n script_cve_id(\"CVE-2016-3951\", \"CVE-2016-4482\", \"CVE-2016-4565\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4580\", \"CVE-2016-4805\", \"CVE-2016-4913\");\n script_xref(name:\"USN\", value:\"3021-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux vulnerabilities (USN-3021-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Andrey Konovalov discovered that the CDC Network Control Model USB\ndriver in the Linux kernel did not cancel work events queued if a\nlater error occurred, resulting in a use-after-free. An attacker with\nphysical access could use this to cause a denial of service (system\ncrash). (CVE-2016-3951)\n\nKangjie Lu discovered an information leak in the core USB\nimplementation in the Linux kernel. A local attacker could use this to\nobtain potentially sensitive information from kernel memory.\n(CVE-2016-4482)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux\nkernel could be coerced into overwriting kernel memory. A local\nunprivileged attacker could use this to possibly gain administrative\nprivileges on systems where InifiniBand related kernel modules are\nloaded. (CVE-2016-4565)\n\nKangjie Lu discovered an information leak in the timer handling\nimplementation in the Advanced Linux Sound Architecture (ALSA)\nsubsystem of the Linux kernel. A local attacker could use this to\nobtain potentially sensitive information from kernel memory.\n(CVE-2016-4569, CVE-2016-4578)\n\nKangjie Lu discovered an information leak in the X.25 Call Request\nhandling in the Linux kernel. A local attacker could use this to\nobtain potentially sensitive information from kernel memory.\n(CVE-2016-4580)\n\nBaozeng Ding discovered a use-after-free issue in the generic PPP\nlayer in the Linux kernel. A local attacker could use this to cause a\ndenial of service (system crash). (CVE-2016-4805)\n\nIt was discovered that an information leak exists in the Rock Ridge\nimplementation in the Linux kernel. A local attacker who is able to\nmount a malicious iso9660 file system image could exploit this flaw to\nobtain potentially sensitive information from kernel memory.\n(CVE-2016-4913).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3021-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.2-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-105-generic\", pkgver:\"3.2.0-105.146\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-105-generic-pae\", pkgver:\"3.2.0-105.146\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-105-highbank\", pkgver:\"3.2.0-105.146\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.2.0-105-virtual\", pkgver:\"3.2.0-105.146\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.2-generic / linux-image-3.2-generic-pae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:10:16", "bulletinFamily": "unix", "description": "Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nKangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4482)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel could be coerced into overwriting kernel memory. A local unprivileged attacker could use this to possibly gain administrative privileges on systems where InifiniBand related kernel modules are loaded. (CVE-2016-4565)\n\nKangjie Lu discovered an information leak in the timer handling implementation in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4569, CVE-2016-4578)\n\nKangjie Lu discovered an information leak in the X.25 Call Request handling in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4580)\n\nBaozeng Ding discovered a use-after-free issue in the generic PPP layer in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4805)\n\nIt was discovered that an information leak exists in the Rock Ridge implementation in the Linux kernel. A local attacker who is able to mount a malicious iso9660 file system image could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2016-4913)", "modified": "2016-06-27T00:00:00", "published": "2016-06-27T00:00:00", "id": "USN-3021-2", "href": "https://usn.ubuntu.com/3021-2/", "title": "Linux kernel (OMAP4) vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T00:09:21", "bulletinFamily": "unix", "description": "Andrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nKangjie Lu discovered an information leak in the core USB implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4482)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel could be coerced into overwriting kernel memory. A local unprivileged attacker could use this to possibly gain administrative privileges on systems where InifiniBand related kernel modules are loaded. (CVE-2016-4565)\n\nKangjie Lu discovered an information leak in the timer handling implementation in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4569, CVE-2016-4578)\n\nKangjie Lu discovered an information leak in the X.25 Call Request handling in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4580)\n\nBaozeng Ding discovered a use-after-free issue in the generic PPP layer in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-4805)\n\nIt was discovered that an information leak exists in the Rock Ridge implementation in the Linux kernel. A local attacker who is able to mount a malicious iso9660 file system image could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2016-4913)", "modified": "2016-06-27T00:00:00", "published": "2016-06-27T00:00:00", "id": "USN-3021-1", "href": "https://usn.ubuntu.com/3021-1/", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "zeroscience": [{"lastseen": "2019-03-25T17:34:08", "bulletinFamily": "exploit", "description": "Title: ATutor 2.0.2 Multiple Remote Vulnerabilities (SQLi/XSS/PD) \nAdvisory ID: [ZSL-2011-5036](<ZSL-2011-5036.php>) \nType: Remote \nImpact: Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data, Cross-Site Scripting \nRisk: (3/5) \nRelease Date: 06.08.2011 \n\n\n##### Summary\n\nATutor is an Open Source Web-based Learning Content Management System (LCMS) designed with accessibility and adaptability in mind. Educators can quickly assemble, package, and redistribute Web-based instructional content, easily retrieve and import prepackaged content, and conduct their courses online. \n\n##### Description\n\nATutor suffers from sql injection, cross-site scripting and path disclosure vulnerabilities. \n \nThe XSS issue is triggered when input passed via the 'search_friends_HASH' POST parameter, where HASH is the value generated by the 'rand_key' parameter, to the '/mods/_standard/social/index_public.php' script is not properly sanitised before being returned to the user. \n \nThe PD issues can be triggered by the cookie variable 'ATutorID' when setting random value or none in various scripts. \n \nThe SQLi issue can be triggered by 'p_course', 'name' and 'value' parameters in '/mods/_standard/social/set_prefs.php' script. \n \nTheese issues can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site, displaying the full installation path in an error report and to manipulate SQL queries by injecting arbitrary SQL code. \n\n##### Vendor\n\nATutor (Inclusive Design Institute) - <http://www.atutor.ca>\n\n##### Affected Version\n\n2.0.2 (build r10589) \n\n##### Tested On\n\nMicrosoft Windows XP Professional SP3 (EN) \nApache 2.2.14 (Win32) \nPHP 5.3.1 \nMySQL 5.1.41 \n\n##### Vendor Status\n\n[03.08.2011] Submited vulnerability details to vendor's bug tracking system. \n[05.08.2011] No reaction from vendor. \n[06.08.2011] Public security advisory released. \n[11.08.2011] Vendor releases fix. \n\n##### PoC\n\n[atutor_mv.txt](<../../codes/atutor_mv.txt>)\n\n##### Credits\n\nVulnerability discovered by Gjoko Krstic - <[gjoko@zeroscience.mk](<mailto:gjoko@zeroscience.mk>)>\n\n##### References\n\n[1] <http://atutor.ca/atutor/mantis/view.php?id=4805> \n[2] <http://securityreason.com/wlb_show/WLB-2011080042> \n[3] <http://www.exploit-db.com/exploits/17631/> \n[4] <http://packetstormsecurity.org/files/103764> \n[5] <http://www.securityfocus.com/bid/49057> \n[6] <http://xforce.iss.net/xforce/xfdb/69086> \n[7] <http://xforce.iss.net/xforce/xfdb/69088>\n\n##### Changelog\n\n[06.08.2011] - Initial release \n[08.08.2011] - Added reference [4] and [5] \n[11.08.2011] - Added reference [6] and [7] \n[11.08.2011] - Added vendor status. \n\n##### Contact\n\nZero Science Lab \n \nWeb: <http://www.zeroscience.mk> \ne-mail: [lab@zeroscience.mk](<mailto:lab@zeroscience.mk>)\n", "modified": "2011-08-06T00:00:00", "published": "2011-08-06T00:00:00", "id": "ZSL-2011-5036", "href": "http://zeroscience.mk/en/vulnerabilities/ZSL-2011-5036.php", "title": "ATutor 2.0.2 Multiple Remote Vulnerabilities (SQLi/XSS/PD)", "type": "zeroscience", "sourceData": "REQUEST LIMIT REACHED", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "http://zeroscience.mk/en/vulnerabilities/../../codes/atutor_mv.txt"}, {"lastseen": "2019-03-25T17:34:09", "bulletinFamily": "exploit", "description": "Title: ATutor 2.0.2 (lang) HTTP Response Splitting Vulnerability \nAdvisory ID: [ZSL-2011-5037](<ZSL-2011-5037.php>) \nType: Remote \nImpact: Cross-Site Scripting \nRisk: (3/5) \nRelease Date: 06.08.2011 \n\n\n##### Summary\n\nATutor is an Open Source Web-based Learning Content Management System (LCMS) designed with accessibility and adaptability in mind. Educators can quickly assemble, package, and redistribute Web-based instructional content, easily retrieve and import prepackaged content, and conduct their courses online. \n\n##### Description\n\nInput passed to the 'lang' parameter in '/documentation/index_list.php' is not properly sanitised before being returned to the user. This can be exploited to insert arbitrary HTTP headers, which are included in a response sent to the user. \n \n\\-------------------------------------------------------------------------------- \n \n` /documentation/index_list.php \n---------------- \n1: <?php \n2: header('Location: index/index.php?'.$_GET['lang']); \n3: exit; \n4: ?> \n` \n\\-------------------------------------------------------------------------------- \n \n\n\n##### Vendor\n\nATutor (Inclusive Design Institute) - <http://www.atutor.ca>\n\n##### Affected Version\n\n2.0.2 (build r10589) \n\n##### Tested On\n\nMicrosoft Windows XP Professional SP3 (EN) \nApache 2.2.14 (Win32) \nPHP 5.3.1 \nMySQL 5.1.41 \n\n##### Vendor Status\n\n[03.08.2011] Submited vulnerability details to vendor's bug tracking system. \n[05.08.2011] No reaction from vendor. \n[06.08.2011] Public security advisory released. \n[11.08.2011] Vendor releases fix. \n\n##### PoC\n\n[atutor_httprs.txt](<../../codes/atutor_httprs.txt>)\n\n##### Credits\n\nVulnerability discovered by Gjoko Krstic - <[gjoko@zeroscience.mk](<mailto:gjoko@zeroscience.mk>)>\n\n##### References\n\n[1] <http://atutor.ca/atutor/mantis/view.php?id=4805> \n[2] <http://securityreason.com/wlb_show/WLB-2011080041> \n[3] <http://www.exploit-db.com/exploits/17631/> \n[4] <http://packetstormsecurity.org/files/103765> \n[5] <http://www.securityfocus.com/bid/49057>\n\n##### Changelog\n\n[06.08.2011] - Initial release \n[08.08.2011] - Added reference [4] and [5] \n[11.08.2011] - Added vendor status. \n\n##### Contact\n\nZero Science Lab \n \nWeb: <http://www.zeroscience.mk> \ne-mail: [lab@zeroscience.mk](<mailto:lab@zeroscience.mk>)\n", "modified": "2011-08-06T00:00:00", "published": "2011-08-06T00:00:00", "id": "ZSL-2011-5037", "href": "http://zeroscience.mk/en/vulnerabilities/ZSL-2011-5037.php", "title": "ATutor 2.0.2 (lang) HTTP Response Splitting Vulnerability", "type": "zeroscience", "sourceData": "REQUEST LIMIT REACHED", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "http://zeroscience.mk/en/vulnerabilities/../../codes/atutor_httprs.txt"}], "securityvulns": [{"lastseen": "2018-08-31T11:10:29", "bulletinFamily": "software", "description": "========================================================================\r\nOpenX security advisory OPENX-SA-2009-002\r\n------------------------------------------------------------------------\r\nAdvisory ID: OPENX-SA-2009-002\r\nDate: 2009-Apr-01\r\nSecurity risk: Critical\r\nApplications affetced: OpenX\r\nVersions affected: <= 2.4.10, <= 2.6.4, <= 2.7.29-beta\r\nVersions not affected: >= 2.4.11, >= 2.6.5, >= 2.8.0\r\n========================================================================\r\n\r\n\r\n========================================================================\r\nMultiple vulnerabilities Discovered by Sandro Gauci\r\n========================================================================\r\n\r\nDescription\r\n-----------\r\nA security review was recently being conducted on Openx 2.6.4 by Sandro\r\nGauci. As part of the review he reported the following vulnerabilities:\r\n\r\n - SQL injection in adview.php and other delivery scripts because of\r\n missing or improper validation of the "OAID" cookie;\r\n - SQL injection in tjs.php because of missing or improper validation\r\n of the "referer" GET parameter;\r\n - XSS vulnerability in sso-accounts.php because of missing or improper\r\n validation of the "email" GET parameter (2.4.x not affected)\r\n - Possible arbitrary file deletion in tjs.php via the "trackerid" GET\r\n parameter\r\n - Possible CRLF injection in various delivery files because of missing\r\n sanitisation of parameters (PHP 4.4.2 or 5.1.2 and follwing versions\r\n are not affected)\r\n - Possible arbitrary file deletion in various delivery scripts\r\n\r\nBoth the SQL injection vulnerabilities can be remotely exploited by\r\nunauthenticated attackers: upgrading is strongly advised.\r\n\r\nReferences\r\n----------\r\nhttps://developer.openx.org/jira/browse/OX-4867\r\nhttp://resources.enablesecurity.com/advisories/openx-2.6.4-multiple.txt\r\n\r\n\r\n========================================================================\r\nVulnerabilites previously repoted by Secunia\r\n========================================================================\r\n\r\nDescription\r\n-----------\r\nA security review was previously conducted by Sarid Harper on behalf of\r\nSecunia and led to the release of OpenX 2.4.10 and 2.6.4 fo fix a number\r\nof vulnerabilities. He recently reported that OpenX 2.6.4 was still\r\nvulnerable to two of them and they have been properly fixed now:\r\n\r\n - Input passed to the "userid" parameter in "www/admin/admin-user.php"\r\n is not properly sanitised before being returned to the user. This can\r\n be exploited to execute arbitrary HTML and script code in a user's\r\n browser session in the context of an affected site (#9)\r\n - Input passed to the "agencyid" parameter in\r\n "www/admin/agency-edit.php" is not properly sanitised before being\r\n returned to the user. This can be exploited to execute arbitrary\r\n HTML and script code in a user's browser session in the context of\r\n an affected site (#11)\r\n\r\nReferences\r\n----------\r\nhttp://secunia.com/advisories/32197/\r\nhttps://developer.openx.org/jira/browse/OX-4803\r\nhttps://developer.openx.org/jira/browse/OX-4805\r\nhttps://developer.openx.org/jira/browse/OX-4957\r\n\r\n\r\n========================================================================\r\nMultiple SQL injections and XSS vulnerabilities\r\n========================================================================\r\n\r\nDescription\r\n-----------\r\nA security review was internally performed following Secunia's report.\r\nA number of XSS vulnerabilities were found and fixed, plus several SQL\r\ninjection vulnerabilities:\r\n\r\n - SQL injection in userlog-index.php via the "advertiserId" parameter\r\n - SQL injection in channel-edit.php via the "affiliateid" parameter\r\n - SQL injection in banner-zone.php via the "bannerid" parameter\r\n\r\nAll require authentication to be exploited.\r\n\r\n\r\n\r\nReferences\r\n----------\r\nhttps://developer.openx.org/jira/browse/OX-4826\r\n\r\n\r\n\r\nSolution\r\n========\r\n\r\nWe stronly advise people running affected versions to upgrade to the\r\nmost recent versions of OpenX: 2.4.11, 2.6.5 or 2.8.0.\r\n\r\n\r\nContact informations\r\n====================\r\n\r\nThe security contact for OpenX can be reached at:\r\n<security AT openx DOT org>", "modified": "2009-04-03T00:00:00", "published": "2009-04-03T00:00:00", "id": "SECURITYVULNS:DOC:21577", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21577", "title": "[OPENX-SA-2009-002] OpenX 2.4.11, 2.6.5, 2.8.0 fix multiple vulnerabilities", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:09:19", "bulletinFamily": "software", "description": "Multiple heap based, stack and integer overflows.", "modified": "2005-05-19T00:00:00", "published": "2005-05-19T00:00:00", "id": "SECURITYVULNS:VULN:4805", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:4805", "title": "Multiple Novell ZENworks remote management application vulnerabilities", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:09:17", "bulletinFamily": "software", "description": "DoS on invalid RPC packet.", "modified": "2003-07-10T00:00:00", "published": "2003-07-10T00:00:00", "id": "SECURITYVULNS:VULN:2966", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:2966", "title": "Coda DoS", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-08-31T11:10:08", "bulletinFamily": "software", "description": " _,'| _.-''``-...___..--';)\r\n /_ \'. __..-' , ,--...--'''\r\n <\ .`--''' ` /'\r\n `-';' ; ; ;\r\n __...--'' ___...--_..' .;.'\r\n fL (,__....----''' (,..--'' felinemenace.org\r\n\r\nProgram: Coda 6.0.1 and probably below\r\nImpact: Denial of service of all programs using RPC2\r\nDiscovered: Andrew Griffiths\r\n\r\n1) Background\r\n\r\n Coda is an advanced network filesystem that features many things not found\r\n in other packages.\r\n\r\n2) Description\r\n\r\n Programs using the RPC2 library can be killed remotely by sending malformed\r\n packets to the services.\r\n\r\n3) Notes\r\n\r\n Nothing special, although it was disturbingly easy to find.\r\n\r\n4) Vendor status/notes/fixes/statements\r\n\r\n coda@cs.cmu.edu was contacted, and Jan Harkes responded:\r\n\r\nFrom: Jan Harkes <jaharkes@cs.cmu.edu>\r\n\r\nOn Sun, Jul 06, 2003 at 02:32:57AM -0700, andrewg@felinemenace.org wrote:\r\n> While do some testing, I noticed I could reproducably trigger an assert\r\n> condition in the rpc2 code (I think its there).\r\n>\r\n> I managed to take out pretty much my test serverside of the coda setup.\r\n\r\nYeah, there are assertions sprinkled all over the place. The closer a\r\npacket resembles a valid rpc2 packet, the more likely it is that some\r\nassertion will get triggered.\r\n\r\nI've committed a fix for this case (and a couple of others in the same\r\narea) to CVS.\r\n\r\nJan\r\n\r\nReferences:\r\n Main coda page: http://coda.cs.cmu.edu\r\n Coda Denial of service code: http://felinemenace.org/exploits.html\r\n", "modified": "2003-07-10T00:00:00", "published": "2003-07-10T00:00:00", "id": "SECURITYVULNS:DOC:4805", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:4805", "title": "Coda RPC2 Denial of Serviec", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}]}